rabbitstack/fibratus

Fibratus

Adversary tradecraft detection, protection, and hunting

Fibratus detects and eradicates advanced attacker tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner.

Events can be routed to a wide range of output sinks or written to capture files for local inspection and forensic analysis. With filaments, you can extend Fibratus with your own tooling and tap into the full power of the Python ecosystem.

In a nutshell, the Fibratus mantra is built on three pillars: realtime behavior detection, memory scanning, and forensics.

Installation and Quick start

For installation and quick start instructions, go here.

Contributing

We love contributions. To start contributing to Fibratus, please read our contribution guidelines.

Code Signing Policy

Free code signing provided by SignPath.io, certificate by SignPath Foundation. All releases are automatically signed.


Developed with ❤️ by Nedim Šabić Šabić
