The aim of this tool is to run yara rules in a large scale environment.
Yara sweeper is useful to be used, in a live Incident Response situation, to scan processes running in memory
or files residing on disk.
It works on Linux, Windows and OSX.
On demand sweep. During Incident Response, invoke the agent to perform the scan on files, directory or running process with a quickly created yara rule pushed on git repository.
Continuous IOCs monitoring. Collect a library of yara rules based on IOCs built over time, and create scheduled tasks to run regularly sweeping on the endpoint for specified yara rules; the syslog events generated are sent to SIEM.
Dec 13th 2017
10 months ago