Skip to content

SAAS-s/IOC-Analysis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
minus_traffic.py
minus_traffic.py
 
 
test_script.py
test_script.py
 
 

Repository files navigation

IOC-Analysis

This project is designed to analyze network traffic captured in pcap files, extract Indicators of Compromise (IoCs), and cross-reference them with VirusTotal for threat intelligence. Additionally, it integrates Yara for file scanning and saves the results in JSON and CSV formats for Splunk and Tableau integration, respectively.

Technologies ✨

  • Python
  • Splunk
  • JSON
  • Tableau

Features 🚀

  • Extracts IPs and Domains: Parses pcap files to extract IP addresses and domain names.

  • VirusTotal Query: Cross-references extracted IoCs with VirusTotal to determine malicious activity and reputation scores.

  • Yara File Scanning: Scans files using Yara rules to detect potential threats.

  • Results Export: Saves analysis results in JSON format for Splunk and CSV format for Tableau visualization.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages