Mole is an experimental Network Intrusion Detection System that uses Yara as its matching engine and PF_RING for high-speed packet capture.
- Yara engine for packet matching
- PF_RING integration
- Rule configuration using meta fields from Yara (variables, ranges, ...)
Support for Windows 10 and MacOS X is planned.
To get your hands on Mole, you can use the 5-Minute Quickstart in our documentation.
You can find the complete documentation of Mole at https://docs.mole-ids.org.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project, you agree to abide by its terms.