Trendy cybersecurity faces an escalating problem: fileless malware and obfuscation methods more and more bypass conventional file-based detection strategies.
To handle this rising risk, JPCERT/CC has launched YAMAGoya. This open-source risk searching device leverages industry-standard detection guidelines to establish suspicious exercise in actual time.
YAMAGoya represents a major development in endpoint risk detection by combining Occasion Tracing for Home windows (ETW) occasion monitoring with reminiscence scanning capabilities.
Open-Supply Endpoint Detection Answer
Not like standard safety instruments that depend on proprietary detection engines, YAMAGoya immediately helps Sigma and YARA guidelines.
Enabling safety analysts to deploy community-driven detection logic throughout their infrastructure.
The device operates completely in userland, requiring no kernel driver set up, which simplifies deployment throughout organizational environments.
Its real-time monitoring capabilities observe information, processes, registry modifications, DNS queries, community connections, PowerShell execution, and WMI instructions concurrently.
YAMAGoya startup display screen
This complete strategy permits the detection of each conventional and fileless malware threats.
In line with JPCERT/CC, YAMAGoya helps a number of rule codecs, together with Sigma guidelines, YARA guidelines for reminiscence scanning, and customized YAML guidelines for correlation-based detection.
JPCERT/CC safety groups can create refined detection logic that correlates a number of occasions.
Similar to file creation adopted by course of execution, DLL loading, and community communication, to establish malicious exercise patterns.
The device is on the market for speedy analysis by way of pre-built binaries on GitHub, with supply code obtainable for organizations requiring customized builds.
YAMAGoya operates by way of each graphical and command-line interfaces, accommodating completely different operational preferences.
YAMAGoya’s Alert tab
Customers can run Sigma rule monitoring or reminiscence scanning with easy instructions, offered they’ve administrative privileges.
JPCERT/CC detection alerts seem within the device’s interface. They’re logged to Home windows Occasion Log with particular occasion IDs for integration with safety info and occasion administration (SIEM) techniques.
This permits centralized monitoring and alerting throughout enterprise environments. By supporting industry-standard detection guidelines, YAMAGoya democratizes superior risk detection capabilities.
JPCERT/CC researchers and incident responders can now leverage community-developed Sigma and YARA guidelines with out vendor lock-in, strengthening the collective cybersecurity protection posture towards rising threats.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
