CIRCL/volatility-misp

volatility-misp

volatility-misp - Volatility plugin to interface with MISP

volatility-misp is a Volatility plugin that pulls YARA rules from a MISP instance's yara attributes and uses them in yarascan.

This is a work in progress; no documentation is available yet.

Requirements

  • Python 2.7 if used as a volatility module
  • Python 2.7 or 3+ if used as a library (excluding volatility_misp.py)
  • PyMISP
  • yara-python
  • volatility

Current capabilities

  • Pulling yara rules from a MISP server
  • Sorting valid yara rules from broken rules
  • Suggesting fixes for some of the broken rules (currently unused)
  • Running the valid yara rules on a memory dump (same capabilities and options as yarascan)
