Awesome

volatility-misp

volatility-misp - Volatility plugin to interface with MISP

volatility-misp is a volatility plugin that allows to pull yara rules from a MISP instance's yara attributes and use them in yarascan.

This is a work in progress, no documentation available yet

Requirements

Python 2.7 if used as a volatility module
Python 2.7 or 3+ if used as a library (excluding volatility_misp.py)
PyMISP
yara-python
volatility

Current capabilities

Pulling yara rules from a MISP server
Sorting valid yara rules from broken rules
Suggesting fixes for some of the broken rules (currently unused)
Running the valid yara rules on a memory dump (same capabilities and options as yarascan)