Description

This document describes V2: A Set of Plug-in Modules for the QRadar System, a software deliverable developed within the FETA (Flow-based Encrypted Traffic Analysis) project.

The set of plug-in modules for the QRadar system offers advanced protection against threats hidden within encrypted communication, such as the presence of malware or phishing attempts. The aim of this software solution is to significantly enhance the capability to identify and mitigate security threats, thereby improving network security and the overall resilience of the system against cyber threats.

The V2 deliverable consists of two primary modules:

  • DomainRadar: This module detects malicious domain names associated with fraudulent websites, the dissemination of malicious code, or botnet communication.
  • MalwareRadar: This module recognizes the presence of malicious software within network communication.

The development of these modules was undertaken by a collaborative research team from the Faculty of Information Technology, Brno University of Technology (FIT BUT) and the Faculty of Information Technology, Czech Technical University in Prague (FIT CTU). The contributing members include Radek Hranický, Ondřej Ryšavý, Ondřej Ondryáš, Ondrej Lichtner, Adam Horák, Jan Polišenský, Petr Pouč, Peter Polóni, Filip Bučko, Dominik Soukup, and Petr Matoušek.

Full Documentation

The full documentation for the V2 deliverable is available in Czech in PDF format here: FETA V2 QRadar Modules Documentation.