Windows Analyzers
  • Browser History Analyzer (bha)
    Executes URL based checks on the browser histories
  • Generic WebShell Analyzer (wsa)
    Scans device for the webshells using webshell specific YARA rules
  • Application Analyzer (aa)
    Executes rules for identifying malicious installed applications.
  • Registry Analyzer (ara)
    Executes rules for checking Autoruns registry records.
  • Scheduled Task Analyzer (asta)
    Executes rules on Scheduled task entries.
  • Windows Services Analyzer (awsa)
    Executes rules for Windows services.
  • DNS Cache Analyzer (dnsa)
    Executes rules on DNS cache records for identifying abused TLDs.
  • Event Records Analyzer (ela)
    Analyzes event records with Sigma rules.
  • Hosts File Analyzer (ha)
    Analyzes hosts file entries for malicious entries.
  • $MFT Analyzer (mfta)
    Executes rules for MFT records
  • Network Share Analyzer (nsa)
    Executes rules for Network shares
  • Prefetch Analyzer (pfa)
    Executes rules for files in the parsed prefetches
  • Process Analyzer (pa)
    Executes rules for running Processes, Process modules and Process handles
  • ShellBags Analyzer (sba)
    Analyzer for checking admin shares
  • User Folders Analyzer (ufa)
    Executes rules for User Folders
  • Events of Interest (wea)
    Analyzer for tracking events that you are interested in. This list can be customized via the config file (refer to blog post here).
  • Vulnerability Analyzer (vua)
    Executes rules for identifying whether your device has been compromised through a known vulnerability.
  • YARA Scanner (gys)
    Scans your system with your YARA repositories (refer to blog post here).
  • Ransomware Identifier (rwa)
    Scans the device for ransomware using ransomware-specific YARA rules.