Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador” – hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can execute sysinternal, system commands and other 3rd party tools across multiples endpoints, saving the output to a centralized share for automated or manual analysis. By using a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and memory across multiple systems using YARA rules. As a command line tool, rastrea2r can be easily integrated within McAfee ePO, as well as other AV consoles and orchestration tools, allowing incident responders and SOC analysts to collect forensic evidence and hunt for IOCs without the need for an additional agent, with ‘gusto’ and style!
Clone the project to your local directory (or download the zip file of the project)
$git clone https://github.com/rastrea2r/rastrea2r.git $cd rastrea2r
All the dependencies necessary for the tool to run can be installed within a virtual environment via the provided makefile.
$make help help - display this makefile's help information venv - create a virtual environment for development clean - clean all files using .gitignore rules scrub - clean all files, even untracked files test - run tests test-verbose - run tests [verbosely] check-coverage - perform test coverage checks check-style - perform pep8 check fix-style - perform check with autopep8 fixes docs - generate project documentation check-docs - quick check docs consistency serve-docs - serve project html documentation dist - create a wheel distribution package dist-test - test a wheel distribution package dist-upload - upload a wheel distribution package