Skip to content
/ ThreatKB Public
forked from InQuest/ThreatKB

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

License

GPL-2.0 license
0 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zztytu/ThreatKB

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,009 Commits
app
app
 
 
data
data
 
 
migrations
migrations
 
 
tests
tests
 
 
wiki
wiki
 
 
.bowerrc
.bowerrc
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
Gruntfile.js
Gruntfile.js
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
bower.json
bower.json
 
 
config.py
config.py
 
 
docker-compose.yml
docker-compose.yml
 
 
docker-entrypoint.sh
docker-entrypoint.sh
 
 
env_template
env_template
 
 
fix_c2ip_locations.py
fix_c2ip_locations.py
 
 
generator.json
generator.json
 
 
hash_pass.py
hash_pass.py
 
 
install.bat
install.bat
 
 
install.sh
install.sh
 
 
manage.py
manage.py
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 
run_agent.sh
run_agent.sh
 
 
run_web.sh
run_web.sh
 
 
setup.py
setup.py
 
 
testing_config.py
testing_config.py
 
 
threatkb_cli.py
threatkb_cli.py
 
 
uwsgi.yaml
uwsgi.yaml
 
 
wait-for-it.sh
wait-for-it.sh
 
 

Repository files navigation

NOTE: THIS REPO IS IN AN ALPHA STATE

ThreatKB is a knowledge base workflow management dashboard for Yara rules and C2 artifacts. Rules are categorized and used to denote intent, severity, and confidence on accumulated artifacts.

To start using ThreatKB, follow our guide.

Installing by Docker is the currently recommended way of setting up ThreatKB, directions are included as the first link in the wiki. Installation by source is included in the wiki as well.

Table of Contents

Thank You

ThreatKB utilizes Plyara to parse yara rules into python dictionaries. A huge thank you to the Plyara team! Links to the project are below:

https://github.com/8u1a/plyara https://github.com/8u1a/plyara/blob/master/LICENSE

When a release is created, the system first pulls all signatures that are in the release state. Then, it gathers all signatures that are in the staging state and checks their revision history for the most recently released revision that is in the release state. If it finds it, it will include it in the release. If it does not find any previously released revisions, it will skip the signature.

About

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Resources

Readme

License

GPL-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 50.6%
  • Python 31.9%
  • HTML 16.1%
  • CSS 0.9%
  • Shell 0.4%
  • Dockerfile 0.1%