Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

rastrea2r – Collecting & Hunting for IOC with gusto and style.

published on 2018-05-05 10:39:02 UTC by EL-Capitan
Content:

Description
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador” – hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can execute sysinternal, system commands and other 3rd party tools across multiples endpoints, saving the output to a centralized share for automated or manual analysis. By using a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and memory across multiple systems using YARA rules. As a command line tool, rastrea2r can be easily integrated within McAfee ePO, as well as other AV consoles and orchestration tools, allowing incident responders and SOC analysts to collect forensic evidence and hunt for IOCs without the need for an additional agent, with ‘gusto’ and style!

rastrea2r v0.3

Dependencies
+ Python 2.7.x
+ git
+ bottle
+ requests
+ yara-python

Currently Supported functionality
– yara-disk: Yara scan for file/directory objects on disk
– yara-mem: Yara scan for running processes in memory
– memdump: Acquires a memory dump from the endpoint ** Windows only
– triage: Collects triage information from the endpoint ** Windows only

Use and Download:

git clone https://github.com/rastrea2r/rastrea2r && cd rastrea2r
pip install -r requirements.txt

Create a virtual environment with all dependencies
$make venv
//Upon successful creation of the virtualenvironment, enter the virtualenvironment as instructed, for ex:
$source /Users/ssbhat/.venvs/rastrea2r/bin/activate

Start the rastrea2r server by going to $PROJECT_HOME/src/rastrea2r/server folder
python rastrea2r_server_v0.3.py

For ex, on a Mac or Unix system you would do:
$cd src/rastrea2r/osx/
$python rastrea2r_osx_v0.3.py yara-disk /opt http://127.0.0.1:8080/ test.yar

Source: https://github.com/rastrea2r

Article: rastrea2r – Collecting & Hunting for IOC with gusto and style. - published about 6 years ago.

https://seclist.us/rastrea2r-collecting-hunting-for-ioc-with-gusto-and-style.html
Published: 2018 05 05 10:39:02
Received: 2022 07 28 18:50:49
Feed: Security List Network™
Source: Security List Network™
Category: News
Topic: Security Tooling
Views: 1