Product Details

Sada zásuvných modulů pro systém QRadar

Created: 2024

English title
Set of plug-in modules for QRadar system
Type
software
License
In order to use the result by another entity, it is always necessary to acquire a license
License Fee
The licensor does not require a license fee for the result
Authors
Hranický Radek, Ing., Ph.D. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Ondryáš Ondřej, Ing. (DIFS)
Lichtner Ondrej, Ing. (DIFS)
Horák Adam, Ing. (DIFS)
Polišenský Jan, Bc. (DIFS)
Pouč Petr, Ing. (DIFS)
Polóni Peter, Bc.
Bučko Filip, Bc. (DIFS)
Soukup Dominik, Ing.
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Keywords

QRadar, domain name, malware, phishing, DGA, Indicators of Compromise (IoC),
traffic monitoring, machine learning, anomaly detection, threat identification,
network security

Description

The QRadar plug-in suite provides advanced protection against unwanted phenomena
in encrypted communications such as malware and phishing. The output consists of
two modules: DomainRadar and MalwareRadar. The DomainRadar module is able to
detect malicious domain names that are related to fraudulent websites, malware
propagation, or botnet communication. The MalwareRadar module can detect the
presence of malware in network communications.

Location

https://nesfit.github.io/feta-qradar-modules/

License Conditions

BSD 3-Clause License

Copyright (c) 2024, FIT BUT, FIT CTU
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Projects
Flow-based Encrypted Traffic Analysis, MV, Strategická podpora rozvoje bezpečnostního výzkumu ČR 2019–2025 (IMPAKT 1) PODPROGRAMU 1 SPOLEČNÉ VÝZKUMNÉ PROJEKTY (BV IMP1/2VS), VJ02010024, start: 2022-01-01, end: 2025-06-30, running
Research groups
NES@FIT - Networks and distributed systems research group (RG NES@FIT)
Departments
Department of Information Systems (DIFS)
Fakulta informačních technologií (FIT ČVUT)
Back to top