Tool and Usage
|Latest release||No release found|
Why this tool?
Rastrea2r is a threat hunting utility for indicators of compromise (IOC). It is named after the Spanish word rastreador, which means hunter. This multi-platform open source tool helps incident responders and SOC analysts to triage suspected systems. The hunt for IOCs can be achieved in just a matter of a few minutes.
How it works
Rastrea2r will collect and parse artifacts from remote systems. This includes memory dumps and command output. All data is saved on a centralized share, where it can be picked up for further analysis. With the usage of a client/server API, the rastrea2r tool can hunt for detail on disk and memory. In this case, it uses YARA rules to match any data of interest. Rastrea2r can also be integrated with external tools like McAfee ePO, allowing to find more details without requiring an additional agent on the client systems.
Usage and audience
rastrea2r is commonly used for digital forensics, malware detection, threat discovery, or threat hunting. Target users for this tool are forensic specialists, malware analysts, security professionals, and system administrators.
- Application programming interface (API) available
- Command line interface
- Customization and additions are possible
- Tool allows multiple integrations
Example usage and output
History and highlights
- Demo at Black Hat USA 2016 Arsenal
Supported operating systems
Rastrea2r is known to work on Linux, macOS, and Microsoft Windows.
Several dependencies are required to use rastrea2r.
Similar tools to rastrea2r:
HELK is short for The Hunting ELK, containing Elasticsearch, Logstash, and Kibana. It has advanced analytic capabilities for threat hunting.
Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.
TheHive is a platform to deal with security incidents. It helps CSIRTs, CERTs, and SOCs to deal with the available data and decrease the amount of manual analysis.
This tool page was updated at . Found an improvement? Help the community by submitting an update.