
github.com/rabbitstack/fibratus @v3.0.0

3,546 symbols · 12,331 edges · 493 files · 2,114 documented (60%)
README

Fibratus

Adversary tradecraft detection, protection, and hunting


Fibratus detects and eradicates advanced attacker tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner.

Events can be routed to a wide range of output sinks or written to capture files for local inspection and forensic analysis. With filaments, you can extend Fibratus with your own tooling and tap into the full power of the Python ecosystem.

In a nutshell, the Fibratus mantra is built on three pillars: realtime behavior detection, memory scanning, and forensics.


Installation and Quick start

For installation and quick start instructions, go here.

Contributing

We love contributions. To start contributing to Fibratus, please read our contribution guidelines.

Code Signing Policy

Free code signing provided by SignPath.io, certificate by SignPath Foundation. All releases are automatically signed.


Developed with ❤️ by Nedim Šabić Šabić

Extension points (exported contracts): how you extend this code

Sender (Interface)
Sender is the minimal interface all alert senders have to implement. [7 implementers]
pkg/alertsender/sender.go
Client (Interface)
Client represents the minimal interface all output implementors have to satisfy. [7 implementers]
pkg/outputs/client.go
Writer (Interface)
Writer is the minimal interface that all cap writers need to satisfy. The Windows cap file format has the layout as depi [7 …
pkg/cap/types_windows.go
Accessor (Interface)
Accessor dictates the behaviour of the field accessors. One of the main responsibilities of the accessor is to extract t [12 …
pkg/filter/accessor.go
Listener (Interface)
Listener is the minimal interface that all event listeners need to implement. [7 implementers]
pkg/event/queue.go
Chain (Interface)
Chain defines the contract an event processor chain has to satisfy. [11 implementers]
internal/etw/processors/chain.go
Transformer (Interface)
Transformer is the minimal interface all transformers have to satisfy. [5 implementers]
pkg/aggregator/transformers/transformer.go
EventSource (Interface)
EventSource defines the contract all event sources have to satisfy. ETW, kernel driver, or userspace instrumentation are [2 …
pkg/source/source.go
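The project description above and the extension points just listed sketch one pipeline: an event source emits events, processors and transformers reshape them, rules assert on them, and alert senders and output sinks receive the result. The Go program below is an added example written for this page; it is not Fibratus code and does not use the project's API. It builds a miniature version of that pipeline with interface shapes that are this example's own assumptions (Sender, Transformer, Engine) and constructed sample events whose parameter keys (ps.name, ps.parent.name, ps.cmdline) only borrow Fibratus's field-naming style. It shows where a normalizing transformer has to run relative to the rules, and why the engine copies an event's parameters before transforming them.

```go
// Added example, not Fibratus code. Interface shapes and field names are assumptions.
package main

import (
	"fmt"
	"strings"
)

// Event is a constructed stand-in for a system event: a name plus string parameters.
type Event struct {
	Name   string
	Params map[string]string
}

// Rule pairs a human-readable name with a predicate over an event.
type Rule struct {
	Name  string
	Match func(Event) bool
}

// Alert is what a sender receives when a rule fires.
type Alert struct {
	Rule  string
	Event Event
}

// Sender plays the role of the Sender extension point (assumed signature).
type Sender interface {
	Send(Alert) error
}

// MemorySender keeps alerts in memory so the result can be inspected.
type MemorySender struct{ Alerts []Alert }

func (m *MemorySender) Send(a Alert) error {
	m.Alerts = append(m.Alerts, a)
	return nil
}

// Transformer plays the role of the Transformer extension point (assumed shape):
// it rewrites an event before any rule sees it.
type Transformer func(*Event)

// Engine runs every transformer, then every rule, over each event and routes
// matches to the sender.
type Engine struct {
	transformers []Transformer
	rules        []Rule
	sender       Sender
}

// Process evaluates one event. The parameter map is copied first: Event is passed
// by value but its map is shared, so a transformer would otherwise mutate the
// caller's (or the capture file's) view of the event.
func (e *Engine) Process(ev Event) error {
	params := make(map[string]string, len(ev.Params))
	for k, v := range ev.Params {
		params[k] = v
	}
	ev.Params = params
	for _, t := range e.transformers {
		t(&ev)
	}
	for _, r := range e.rules {
		if r.Match(ev) {
			if err := e.sender.Send(Alert{Rule: r.Name, Event: ev}); err != nil {
				return err
			}
		}
	}
	return nil
}

// lowerImageNames normalizes image names so rules compare case-insensitively;
// Windows reports "WINWORD.EXE" and "winword.exe" for the same binary.
func lowerImageNames(ev *Event) {
	for _, k := range []string{"ps.name", "ps.parent.name"} {
		if v, ok := ev.Params[k]; ok {
			ev.Params[k] = strings.ToLower(v)
		}
	}
}

// officeSpawnsInterpreter fires on a process creation whose parent is an Office
// application and whose child is a script interpreter, a common phishing chain.
func officeSpawnsInterpreter(ev Event) bool {
	if ev.Name != "CreateProcess" {
		return false
	}
	parent, child := ev.Params["ps.parent.name"], ev.Params["ps.name"]
	office := parent == "winword.exe" || parent == "excel.exe"
	interp := child == "powershell.exe" || child == "cmd.exe" || child == "wscript.exe"
	return office && interp
}

// RunSample feeds constructed events (not real telemetry) through the engine and
// returns the alerts the sender collected.
func RunSample() ([]Alert, error) {
	sender := &MemorySender{}
	eng := &Engine{
		transformers: []Transformer{lowerImageNames},
		rules:        []Rule{{Name: "Office application spawns script interpreter", Match: officeSpawnsInterpreter}},
		sender:       sender,
	}
	events := []Event{
		{Name: "CreateProcess", Params: map[string]string{"ps.parent.name": "explorer.exe", "ps.name": "WINWORD.EXE"}},
		{Name: "CreateProcess", Params: map[string]string{"ps.parent.name": "WINWORD.EXE", "ps.name": "PowerShell.exe", "ps.cmdline": "powershell -nop -w hidden"}},
		{Name: "CreateFile", Params: map[string]string{"file.name": `C:\Users\bob\invoice.docx`}},
	}
	for _, ev := range events {
		if err := eng.Process(ev); err != nil {
			return nil, err
		}
	}
	return sender.Alerts, nil
}

func main() {
	alerts, err := RunSample()
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("ALERT [%s] %s -> %s\n", a.Rule, a.Event.Params["ps.parent.name"], a.Event.Params["ps.name"])
	}
}
```

Only the second event fires: the first has an Office child but a non-Office parent, and the third is not a process creation. Because the transformer runs before the rules, the rule can compare lower-case names without caring how the kernel reported them, and the alert carries the normalized event rather than the raw one.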

Core symbols: most depended-on inside this repo

Equal · called by 541 · pkg/outputs/amqp/_fixtures/garagemq/binding/binding.go
String · called by 315 · pkg/filter/ql/expr.go
GetParamAsString · called by 234 · pkg/event/event.go
AppendParam · called by 205 · pkg/event/event.go
Add · called by 198 · pkg/outputs/amqp/_fixtures/garagemq/interfaces/interfaces.go
Unlock · called by 177 · pkg/filament/cpython/gil.go
Lock · called by 174 · pkg/filament/cpython/gil.go
Contains · called by 123 · pkg/event/param.go

Shape

Method 1,980
Function 1,033
Struct 417
TypeAlias 63
Interface 33
FuncType 19
Class 1

Languages

Go 99%
Python 1%

Modules by API surface

pkg/outputs/amqp/_fixtures/garagemq/amqp/methods_generated.go · 509 symbols
pkg/filter/accessor_windows.go · 70 symbols
pkg/event/param.go · 64 symbols
pkg/event/event_windows.go · 51 symbols
pkg/sys/zsyscall_windows.go · 45 symbols
pkg/filter/ql/literal.go · 44 symbols
pkg/filter/fields/fields_windows.go · 41 symbols
pkg/sys/etw/types.go · 37 symbols
pkg/ps/types/types_windows.go · 34 symbols
pkg/outputs/amqp/_fixtures/garagemq/server/channel.go · 34 symbols
internal/etw/source_test.go · 34 symbols
pkg/filter/filter.go · 31 symbols

Dependencies (from manifests, versioned)

github.com/Masterminds/goutils v1.1.1 · 1×
github.com/Masterminds/semver/v3 v3.1.1 · 1×
github.com/Microsoft/go-winio v0.4.14 · 1×
github.com/antchfx/htmlquery v1.2.5 · 1×
github.com/antchfx/xpath v1.2.1 · 1×
github.com/bits-and-blooms/bitset v1.13.0 · 1×
github.com/davecgh/go-spew v1.1.2-0.20180830191 · 1×
