Getting Started

Installing

Gene engine is a single executable without dependency. You can download the latest releases for your OS from our Github

Basic Usage

# Assuming ./gene-rules is a directory containing your rules
# Verifying that the rules are valid
gene -r ./gene-rules -verify

# Scanning a single file
gene -r ./gene-rules -progress sysmon.evtx

# Scanning several files
gene -r ./gene-rules -progress *.evtx

# Scanning Windows Events in JSON format (as printed by evtxdump)
gene -r ./gene-rules -progress -j sysmon.json

# Reading JSON Events from stdin
cat some-events.json | gene -r ./gene-rules -progress -j -

# Scan Events and set blacklist and whitelist containers
gene -r ./gene-rules -bl blacklist.txt -wl whitelist.txt -j sysmon.json

WHIDS or how to use Gene in real time

As Gene engine, WHIDS can be downloaded as a standalone executable on our Github. This tool is a powerful Host IDS (and even more) built on top of Gene engine and capable of analyzing a considerable amount of events per seconds.

Where do I find rules?

We are maintaining a repository of rules, so feel free to download it there and use it.