hm-seclab / YAFRA

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
https://seclab.cs.hm.edu/oss-projects/yafra/
Apache License 2.0

YAFRA

YAFRA stands for [y]et [a]nother [f]ramework for [r]eport [a]nalysis

Description

YAFRA is a semi-automated framework for analysing and representing reports about IT security incidents. Users can provide reports as PDF, and YAFRA will extract IOCs (indicators of compromise) from them. After extraction, these IOCs are enriched with data from external sources such as VirusTotal or MITRE to provide more context.

Installation and Configuration

For information about installation and configuration, have a look at the docs folder.

Examples

Example reports can be found on the website of the US-CERT (CISA): https://us-cert.cisa.gov/ncas/analysis-reports

Extensions

YAFRA provides a simple-to-use extension system called YAFRA-Extensions. For more information, have a look at the extensions folder.