Proactive Investigator: advanced analytics for threat detection

  •        66

Proactive Investigator is a solution created for information security threat detection. It is an end-to-end solution, currently built on SQL Server 2008

http://proactiveinvestigate.codeplex.com/

Tags
Implementation
License
Platform

   




Related Projects

MEAnalyzer - Intel Engine Firmware Analysis Tool

  •    Python

ME Analyzer is a tool which parses Intel Engine & PMC firmware images from the (Converged Security) Management Engine, (Converged Security) Trusted Execution Engine, (Converged Security) Server Platform Services & Power Management Controller families. It can be used by end-users who are looking for all relevant firmware information such as Family, Version, Release, Type, Date, SKU, Platform etc. It is capable of detecting new/unknown firmware, checking firmware health, Updated/Outdated status and many more. ME Analyzer is also a powerful Engine firmware research analysis tool with multiple structures which allow, among others, full parsing and unpacking of Converged Security Engine (CSE) code & file system, Flash Partition Table (FPT), Boot Partition Descriptor Table (BPDT/IFWI), CSE Layout Table (LT), advanced Size detection etc. Moreover, with the help of its extensive database, ME Analyzer is capable of uniquely categorizing all supported Engine firmware as well as check for any firmware which have not been stored at the Intel Engine Firmware Repositories yet. ME Analyzer allows end-users and/or researchers to quickly analyze and/or report new firmware versions without the use of special Intel tools (FIT/FITC, FWUpdate) or Hex Editors. To do that effectively, a database had to be built. The Intel Engine Firmware Repositories is a collection of every (CS)ME, (CS)TXE & (CS)SPS firmware we have found. Its existence is very important for ME Analyzer as it allows us to continue doing research, find new types of firmware, compare same major version releases for similarities, check for updated firmware etc. Bundled with ME Analyzer is a file called MEA.dat which is required for the program to run. It includes entries for all Engine firmware that are available to us. This accommodates primarily three actions: a) Detect each firmware's Family via unique identifier keys, b) Check whether the imported firmware is up to date and c) Help find new Engine firmware sooner by reporting them at the Intel Management Engine: Drivers, Firmware & System Tools or Intel Trusted Execution Engine: Drivers, Firmware & System Tools threads respectively.

Apache Metron - Real-time Big Data Security

  •    Java

Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.

Analysis Services Helper - SSMS Addin

  •    

The Analysis Services Helper is an add-in for SQL Server Management Studio that helps users with repetitive tasks involved with Analysis Services such as processing and deployment. It's developed in C# .Net 2.0, and tested with SSMS 2008 R2.

Analysis Services Stored Procedure Project

  •    CSharp

A set of stored procedures for Microsoft SQL Server Analysis Services.


Microsoft SQL Server Product Samples: Analysis Services

  •    

This project contains Analysis Services samples released with Microsoft SQL Server product.

Microsoft SQL Server Community Samples: Analysis Services

  •    

This project contains SQL Server Analysis Services samples contributed by Microsoft outside of the regular release cycle, MVPs, and other members of the community.

Apache Spot - A Community Approach to Fighting Cyber Threats

  •    Java

Apache Spot is a community-driven cybersecurity project, built from the ground up, to bring advanced analytics to all IT Telemetry data on an open, scalable platform. pot expedites threat detection, investigation, and remediation via machine learning and consolidates all enterprise security data into a comprehensive IT telemetry hub based on open data models.

opensoc - OpenSOC Apache Hadoop Code

  •    

OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform. A mechanism to capture, store, and normalize any type of security telemetry at extremely high rates. Because security telemetry is constantly being generated, it requires a method for ingesting the data at high speeds and pushing it to various processing units for advanced computation and analytics.

Vulcan

  •    

Vulcan is a Business Intelligence Framework built on top of Sql Server Integration Services and Sql Server Analysis Services for quickly creating BI solutions.

BIDS Helper

  •    

A Visual Studio add-in with features that extend and enhance business intelligence development functionality in SQL Server 2005, 2008, and 2008 R2 BI Development Studio (BIDS) and SQL Server 2012 SQL Server Data Tools (SSDT).

RapidMiner -- Data Mining, ETL, OLAP, BI

  •    Java

No 1 in Business Analytics: Data Mining, Predictive Analytics, ETL, Reporting, Dashboards in One Tool. 1000+ methods: data mining, business intelligence, ETL, data mining, data analysis + Weka + R, forecasting, visualization, business intelligence

Analysis Services Parent-Child Dimension Naturalizer

  •    

Parent/Child dimensions, wherein each member references the ID of its parent member rather than being specified on a specific level of a hierarchy, are often a cause for poor performance in Analysis Services databases. One way of dealing with this is to convert a poorly perfor...

Webalizer - fast web server log file analysis

  •    C

The Webalizer is a fast web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser. It handles standard Common logfile format (CLF) server logs, several variations of the NCSA Combined logfile format, wu-ftpd/proftpd xferlog (FTP) format logs, Squid proxy server native format, and W3C Extended log formats.

WikiImporter for NodeXL

  •    

Import networks from MediaWikis directly into NodeXL for analysis and visualization.

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

AIL-framework - AIL framework - Analysis Information Leak framework

  •    Python

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information. The default installing_deps.sh is for Debian and Ubuntu based distributions. For Arch linux based distributions, you can replace it with installing_deps_archlinux.sh.

drakvuf - DRAKVUF Black-box Binary Analysis

  •    C

DRAKVUF is a virtualization based agentless black-box binary analysis system. DRAKVUF allows for in-depth execution tracing of arbitrary binaries (including operating systems), all without having to install any special software within the virtual machine used for analysis. DRAKVUF uses hardware virtualization extensions found in Intel CPUs. You will need an Intel CPU with virtualization support (VT-x) and with Extended Page Tables (EPT). DRAKVUF is not going to work on any other CPUs (such as AMD) or on Intel CPUs without the required virtualization extensions.