Fibratus

Adversary tradecraft detection, protection, and hunting

Fibratus detects and eradicates advanced attacker tradecraft by scrutinizing and asserting a wide spectrum of [system events](https://fibratus.io/docs/telemetry/events) against a behavior-driven [rule engine](https://fibratus.io/docs/rules) and [YARA](https://fibratus.io/docs/yara) memory scanner. Events can be routed to a wide range of [output sinks](https://fibratus.io/docs/telemetry/outputs) or written to [capture](https://fibratus.io/docs/captures) files for local inspection and forensic analysis. With [filaments](https://fibratus.io/docs/filaments), you can extend Fibratus with your own tooling and tap into the full power of the Python ecosystem. In a nutshell, the Fibratus mantra is built on three pillars: **realtime behavior detection**, **memory scanning**, and **forensics**.

### Installation and Quick start

For installation and [quick start](https://www.fibratus.io/docs/setup/quick-start) instructions, go [here](https://www.fibratus.io/docs/setup/installation).

### Contributing

We love contributions. To start contributing to Fibratus, please read our [contribution guidelines](https://github.com/rabbitstack/fibratus/blob/master/CONTRIBUTING.md).

### Code Signing Policy

Free code signing provided by [SignPath.io], certificate by [SignPath Foundation]. All releases are automatically signed.

[SignPath.io]: https://signpath.io
[SignPath Foundation]: https://signpath.org

---

Developed with ❤️ by Nedim Šabić Šabić