Category: Network Defense
Real Intelligence Threat Analytics Real Intelligence Threat Analytics (RITA) is an open-source framework for network traffic analysis. The framework ingests Bro Logs, and currently supports the following analysis features: Beaconing Detection: Search for signs of...
Snort++ Snort 3 is the next generation Snort IPS (Intrusion Prevention System). This version of Snort++ includes new features as well as all Snort 2.X features and bug fixes for the base version...
Wazuh Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities: Log...
Falco Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the...
ADSpider Tool for monitoring Active Directory changes in real-time without getting all objects. Instead, it uses replication metadata and Update Sequence Number (USN) to filter the current properties of objects. How to use git...
CrowdSec The CrowdSec Security Engine is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log analysis and threat patterns called scenarios. CrowdSec is a modular framework,...
Cloud Custodian Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure, that’s both secure and cost-optimized. It consolidates...
FastNetMon FastNetMon – A high-performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our networks...
OpenSnitch OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. How Does It Work OpenSnitch is an application-level firewall, meaning then while running, it will detect and alert the user for every...
Parsec Parsec allows you to easily share your work and data in the cloud in total privacy thanks to end-to-end cryptographic security. Key features: Works as a virtual drive on you computer. You can...
Security Scorecards Goals Automate analysis and trust decisions on the security posture of open source projects. Use this data to proactively improve the security posture of the critical projects the world depends on. Checks...
teler-waf teler-waf is a comprehensive security solution for Go-based web applications. It acts as an HTTP middleware, providing an easy-to-use interface for integrating IDS functionality with teler IDS into existing Go applications. By using teler-waf, you can...
GUAC: Graph for Understanding Artifact Composition Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high-fidelity graph database—normalizing entity identities and mapping standard relationships between them. Querying this graph can drive...
PersistenceSniper PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders, and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The...
Certiception Certiception is a honeypot for Active Directory Certificate Services (ADCS), designed to trap attackers with a realistic and attractive bait that triggers highly relevant alerts. Developed by the SRLabs Red Team, Certiception creates a...
kflowd kflowd runs as an agent on Linux endpoints to monitor processes via eBPF kernel subsystem for filesystem and TCP and UDP networking events, enabling immediate threat and anomaly detection on suspicious activities. Advanced...