Pyvorin for Threat Detection

IOC Matching

Match IP addresses, domains, and file hashes against threat intelligence feeds.

def check_ioc(event, ioc_set):
    if event['src_ip'] in ioc_set:
        return True
    if event['domain'] in ioc_set:
        return True
    if event['file_hash'] in ioc_set:
        return True
    return False

Behavioural Heuristics

Lateral movement, beaconing, and data exfiltration detection.

Entropy Analysis

Detect packed executables and encrypted channels via entropy scoring.