YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
Why it is included
Industry lingua franca for detection engineering and threat hunting.
Best for
Writing shareable detection logic and retrohunts.
Strengths
- Rule language
- Tooling ecosystem
- Vendor adoption
Limitations
- False positives without tuning
Good alternatives
Sigma rules (different layer) · ClamAV sigs
Related tools
Security & Privacy
- Volatility 3: Advanced memory forensics framework for extracting artifacts from RAM dumps across OS versions.
- Ghidra: NSA-released reverse engineering suite: decompiler, disassembler, scripting, and collaboration features.
- Sigma: Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.
- Suricata: High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
- Zeek: Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics; not a classic IDS signature engine.
- Falco: Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with falcoctl and ecosystem outputs.
