Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, colle...
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
⭐ ⭐ Distributed tcpdump for cloud native environments ⭐ ⭐
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secur...
#计算机科学#Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT ...
Tenzir is the data pipeline engine for security teams.
Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
Zeek-Formatted Threat Intelligence Feeds
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection
Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)