A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
$ pyhids misp --help
usage: pyhids misp [-h] [--pythonify] [--return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}]
options:
-h, --help show this help message and exit
--pythonify Returns a list of PyMISP Objects instead of the plain json output.
--return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}
Set the return format of the search.
$ pyhids misp --pythonify
[<MISPAttribute(type=filename|sha1, value=df3f35df7d529b38e524275bee0672cb|da39a3ee5e6b4b0d3255bfef95601890afd80709), <MISPAttribute(type=filename|sha1, value=sT2kYW.exe|da39a3ee5e6b4b0d3255bfef95601890afd80709),]
It is now possible to export the database of pyHIDS in a Bloom or a Cuckoo filter.
$ pyhids export --bloom-filter
Bloom filter generated and stored: var/bloom/bloomfilter.bf
$ pyhids export --cuckoo-filter
Cuckoo filter generated and stored: var/cuckoo/cuckoofilter.cf
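As an added illustration of the two features above, and not code from pyHIDS itself: a small pure-Python Bloom filter built over a constructed file-hash baseline (the kind of database an export would serialise), plus a check of MISP-style `filename|sha1` attribute values against that baseline. The baseline layout, the filter parameters and every helper name here are assumptions; only the `filename|sha1` value format comes from the output above.

```python
"""Added example (not pyHIDS's own code): a Bloom filter over a constructed
file-hash baseline, and matching of MISP 'filename|sha1' values against it.
The baseline layout, filter parameters and helper names are assumptions."""
import hashlib
import math

# Constructed sample of a HIDS baseline: path -> SHA-1 of file content.
# The hashes are of short constructed strings, not of real system files.
BASELINE = {
    "/usr/bin/ls": hashlib.sha1(b"sample content of ls").hexdigest(),
    "/usr/bin/ssh": hashlib.sha1(b"sample content of ssh").hexdigest(),
    "/etc/passwd": hashlib.sha1(b"sample content of passwd").hexdigest(),
}


class BloomFilter:
    """Bit-array Bloom filter: answers are 'maybe present' or 'definitely absent'.

    Each item sets k bit positions derived from SHA-256 of an index-prefixed
    copy of the item. There are no false negatives; false positives occur
    with probability of roughly (1 - e^(-kn/m))^k, so a hit still needs a
    lookup in the real database before any action is taken.
    """

    def __init__(self, expected_items: int, false_positive_rate: float = 0.01):
        n = max(expected_items, 1)
        # Standard sizing: m bits and k hash functions for the target rate.
        self.m = math.ceil(-n * math.log(false_positive_rate) / (math.log(2) ** 2))
        self.k = max(1, round((self.m / n) * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def to_bytes(self) -> bytes:
        """Serialised bit array: what an export would write to disk."""
        return bytes(self.bits)


def export_bloom(baseline: dict) -> BloomFilter:
    """Insert every known-good SHA-1 from the baseline into a filter."""
    bf = BloomFilter(expected_items=len(baseline))
    for sha1 in baseline.values():
        bf.add(sha1)
    return bf


def parse_filename_sha1(value: str):
    """Split a MISP 'filename|sha1' composite value into (filename, sha1).

    Raises ValueError when the hash part is not 40 hex characters.
    """
    filename, sep, sha1 = value.rpartition("|")
    if not sep or len(sha1) != 40 or any(c not in "0123456789abcdef" for c in sha1.lower()):
        raise ValueError(f"not a filename|sha1 value: {value!r}")
    return filename, sha1.lower()


def match_misp_attributes(values, baseline: dict):
    """Return (misp filename, sha1, local path) for every value whose SHA-1
    is the hash of a file in the local baseline; those are the files an
    analyst would triage first."""
    by_hash = {sha1: path for path, sha1 in baseline.items()}
    hits = []
    for value in values:
        filename, sha1 = parse_filename_sha1(value)
        if sha1 in by_hash:
            hits.append((filename, sha1, by_hash[sha1]))
    return hits


if __name__ == "__main__":
    bf = export_bloom(BASELINE)
    print("filter size in bytes:", len(bf.to_bytes()))
    print("known hash in filter:", BASELINE["/usr/bin/ls"] in bf)
    # Constructed MISP-style values; the second reuses a baseline hash so it matches.
    sample = ["sT2kYW.exe|da39a3ee5e6b4b0d3255bfef95601890afd80709",
              "evil.bin|" + BASELINE["/usr/bin/ssh"]]
    print(match_misp_attributes(sample, BASELINE))
```

The filter is useful as a compact pre-check (for example on a host that cannot carry the full database), but because it can return false positives, a positive answer should always be confirmed against the real database before raising an alert.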
Various improvements and minor fixes.
YARA can now be used in order to look for malicious files in the database of pyHIDS.
Small fixes and improvements.
This release fixes an issue when no configuration file is found.
Fixed the installation with pipx and improved the README.