PyHIDS Versions

A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

v0.9.4

6 months ago

Changes

  • [MISP lookup] The SHA1 values are now submitted in a single query;
  • [MISP lookup] A new argument lets the user specify whether the final output must be returned as a list of PyMISP Objects instead of the plain JSON output;
  • [MISP lookup] Added the possibility to specify the return format (json, stix2, csv, etc.);
  • [core] Errors are always displayed, even in non-verbose mode.

Example

$ pyhids misp --help
usage: pyhids misp [-h] [--pythonify] [--return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}]

options:
  -h, --help            show this help message and exit
  --pythonify           Returns a list of PyMISP Objects instead of the plain json output.
  --return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}
                        Set the return format of the search.

$ pyhids misp --pythonify
[<MISPAttribute(type=filename|sha1, value=df3f35df7d529b38e524275bee0672cb|da39a3ee5e6b4b0d3255bfef95601890afd80709), <MISPAttribute(type=filename|sha1, value=sT2kYW.exe|da39a3ee5e6b4b0d3255bfef95601890afd80709),]

v0.9.3

7 months ago

Changes

  • improved files handling and exit codes;
  • improved checks on the loaded database;
  • route errors from subprocess.run() to /dev/null.

v0.9.2

7 months ago

Fix

Fixed an issue related to the function responsible for returning the version of the software.

v0.9.1

7 months ago

Changes

  • various improvements to the command line;
  • new argument to specify whether the output must be more verbose;
  • new argument to display the version of the software;
  • improved the creation of the default folders (for the YARA rules, Bloom filter and Cuckoo filter).

v0.9.0

7 months ago

New

It is now possible to export the pyHIDS database as a Bloom or a Cuckoo filter.

$ pyhids export --bloom-filter
Bloom filter generated and stored: var/bloom/bloomfilter.bf
$ pyhids export --cuckoo-filter
Cuckoo filter generated and stored: var/cuckoo/cuckoofilter.cf
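As an added illustration of what such an exported filter can and cannot answer (this is not pyHIDS's own code; the database contents and the minimal Bloom filter below are constructed stand-ins for the real export):

```python
# Added example (not pyHIDS code): a minimal Bloom filter standing in for the
# artefact produced by "pyhids export --bloom-filter". Sample database constructed inline.
import hashlib
import math

# Constructed stand-in for the pyHIDS database: path -> SHA1 of the file content.
DATABASE = {
    "/usr/bin/ls": hashlib.sha1(b"ls content").hexdigest(),
    "/etc/passwd": hashlib.sha1(b"root:x:0:0").hexdigest(),
    "/etc/hosts": hashlib.sha1(b"127.0.0.1 localhost").hexdigest(),
}

class BloomFilter:
    """Bit array probed by k positions derived from SHA-256 (double hashing)."""
    def __init__(self, expected_items, false_positive_rate=0.01):
        # Standard sizing: m bits and k probes for the requested error rate.
        self.m = max(8, math.ceil(-expected_items * math.log(false_positive_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        digest = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step, so every bit is reachable
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def might_contain(self, item):
        return all(self.bits[pos // 8] >> (pos % 8) & 1 for pos in self._positions(item))

def export_bloom(database, false_positive_rate=0.01):
    """Mirror of the export step: every known-good SHA1 goes into the filter."""
    bf = BloomFilter(len(database), false_positive_rate)
    for sha1 in database.values():
        bf.add(sha1)
    return bf

def check_hash(bf, database, sha1):
    """'unknown' is authoritative (a Bloom filter has no false negatives); a hit must be
    confirmed against the real database because the filter can return false positives."""
    if not bf.might_contain(sha1):
        return "unknown"
    return "known" if sha1 in database.values() else "false-positive"
```

The filter is therefore a fast pre-check for hashes that are definitely not in the baseline; a positive answer still needs the full database before a file is treated as known-good.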

Changes

Various improvements and minor fixes.

v0.8.0

7 months ago

YARA rules can now be used to look for malicious files in the pyHIDS database.

v0.7.1

7 months ago

Small fixes and improvements.

v0.7.0

7 months ago

New

MISP can now be used to look for malicious files in the pyHIDS database.

v0.6.2

9 months ago

This release fixes an issue when no configuration file is found.

v0.6.1

9 months ago

Fixed the installation with pipx and improved the README.