Merged
2 changes: 1 addition & 1 deletion .github/actions/setup-python/action.yml
@@ -13,7 +13,7 @@ runs:
run: |
python3 -m venv .venv
. .venv/bin/activate
pip install -r requirements.txt
pip install -r testdata/requirements.txt

# Set environment variables for subsequent steps
echo "VIRTUAL_ENV=$VIRTUAL_ENV" >> $GITHUB_ENV
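Review bot: the install step now pulls from `testdata/requirements.txt` with a bare `pip install -r`, so whatever that file lists is fetched unpinned and unverified on every CI run; since the file now lives under test data, where it is easy to lose track of, consider pinning exact versions and adding `--require-hashes` (e.g. `pip install --require-hashes -r testdata/requirements.txt`) so the action fails closed if the resolved packages change. The unquoted `$GITHUB_ENV` in the `echo` line should also be quoted (`>> "$GITHUB_ENV"`) for consistency with the rest of the script.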
29 changes: 27 additions & 2 deletions README.md
@@ -1,4 +1,29 @@
# Nextron YAML IOC Specification

This repository is used to maintain the specification for the IOC YAML format
used in Nextron products such as THOR.
This repository contains the official specification for the IOC (Indicator of Compromise) YAML format used in Nextron products such as THOR.

## What is this?

The YAML IOC format is a standardized way to define threat intelligence indicators in a structured, human-readable format. This specification enables security analysts and threat hunters to create portable IOC rules that can detect various types of malicious artifacts including:

- **File indicators**: File paths, names, and patterns.
- **Network indicators**: C2 domains, IPs.
- **System indicators**: Mutexes, named pipes, events.
- **Hash indicators**: File hashes (MD5, SHA1, SHA256, Imphash).

## Benefits for Users

- **Future Proof**: Consistent format across different Nextron tools and environments, starting with THOR.
- **Portability**: IOC rules can be shared and reused across different deployments.
- **Validation**: JSON schema ensures rule correctness and prevents common errors.
- **Flexibility**: Support for various IOC types with customizable scoring and filtering.
- **Documentation**: Built-in fields for references, descriptions, and metadata.

## Main Files

- **[yaml-ioc-schema.json](yaml-ioc-schema.json)**: The main JSON Schema file that defines the complete IOC YAML specification.
- **testdata/**: Example IOC rules demonstrating valid and invalid formats for testing purposes.

## Documentation

For detailed information on using IOC rules with THOR, see the [THOR Manual](https://thor-manual.nextron-systems.com/en/v11/signatures/ioc-types.html).
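Review bot: the new "Main Files" section lists `yaml-ioc-schema.json` and `testdata/` but does not mention `testdata/requirements.txt`, which this same PR moves into that directory and which the setup-python action installs from; a reader is left assuming `testdata/` holds only example IOC rules. Suggest either listing the requirements file there or adding a one-line "Validating the examples" note that says how the schema is applied to the files in `testdata/` (the tooling those requirements exist for). Also, "JSON schema ensures rule correctness" in the Benefits list overstates what schema validation does: it checks structure and types, not whether an indicator is accurate; "ensures rules are well-formed" would be precise.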
File renamed without changes.