Loki - Simple IOC and YARA Scanner
GPL-3.0 License
Published by Neo23x0 over 6 years ago
From: LOKI: [Level]: [Message]
To: LOKI: [Level]: MODULE: [Module] MESSAGE: [Message]
The changes to the log format allow you to use the THOR Splunk App and Addon for your LOKI log file analysis.
THOR App https://splunkbase.splunk.com/app/3717/
THOR Addon https://splunkbase.splunk.com/app/3718/
Make sure to:
IMPORTANT: I will not support every dashboard, but the App helps you search and filter the LOKI results based on fields. The most important dashboard, named "Universal Dashboard", should work. If you want to fix or improve other dashboard views, please send me your improvements. All this work (LOKI, the signatures and the Apps) is offered for free, and most of the work is done in my spare time on weekends. Please consider this before reporting bugs in the dashboards that could be fixed in 2 minutes of your own time. If you want Enterprise-grade tools and support, please visit our website https://www.nextron-systems.com and ask for a trial of such tools.
Published by Neo23x0 over 6 years ago
Published by Neo23x0 almost 7 years ago
Published by Neo23x0 about 7 years ago
hash.md5() again (feature is missing in yara-python-3.6.3)
Published by Neo23x0 about 7 years ago
The upgrade provides full support for PE module features used in LOKI's 'signature-base'.
Issues with "pe.imphash"
Published by Neo23x0 about 7 years ago
filename parameter that is used in YARA matching
Published by Neo23x0 about 7 years ago
Published by Neo23x0 about 7 years ago
Send LOKI's logs to a remote syslog server (e.g. Splunk)
Script analysis (first POC; optional)
Published by Neo23x0 over 7 years ago
--rootkit) due to an issue with Symantec Endpoint Protection
Published by Neo23x0 over 7 years ago
\r\n on Windows, \n on other platforms)
loki-WORKSTATION1.log)