
Moloch - Large scale, full packet capturing, indexing, and database system

  •    Javascript

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

security-onion - Linux distro for intrusion detection, enterprise security monitoring, and log management


For more information about Security Onion, please see our main website, blog, and wiki. This repo contains the ISO image, Wiki, and Roadmap for Security Onion.

Security Onion - Linux distro for intrusion detection, network security and log management

  •    Scripts

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion seamlessly weaves together three core functions: full packet capture, network-based and host-based intrusion detection systems, and powerful analysis tools.

Suricata IDS - Network threat detection engine

  •    C

The Suricata engine is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.

Sguil - The Analyst Console for Network Security Monitoring

  •    Tcl

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

OpenWIPS-ng - Wireless Intrusion Prevention System

  •    C

OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts. Sensor(s): "dumb" devices that capture wireless traffic and send it to the server for analysis; they also respond to attacks. Server: aggregates the data from all sensors, analyzes it and responds to attacks; it also logs and alerts in case of an attack. Interface: a GUI that manages the server and displays information about the threats on your wireless network(s).

suricata-verify-old - Suricata Verification Tests - Testing Suricata Output

  •    Python

These are tests that run Suricata with a specific configuration and/or inputs and verify the outputs. Create a directory that is the name of the new test.
docker-suricata - A Suricata Docker image.

  •    Shell

which will map the logs directory (in your current directory) to the Suricata log directory in the container so you can view the Suricata logs from outside the container. This will expose /var/log/suricata from the Suricata container as /var/log/suricata in the Logstash container.

evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

  •    Go

EveBox is a web based Suricata "eve" event viewer for Elastic Search. And one of...

suricata-verify - Suricata Verification Tests - Testing Suricata Output

  •    Python

These are tests that run Suricata with a specific configuration and/or inputs and verify the outputs. Create a directory that is the name of the new test.

odd-services - Detect weird services on a network.

  •    Bro

This is a grouping of Bro scripts which seeks to locate traffic that is considered anomalous on corporate networks. These aren't meant to indicate malicious activity, but should help you find funny stuff on a network you are either new to, or simply don't know well. There is no configuration necessary; however, it might be beneficial to use the hook located at OddServices::monitored. This hook can be used to tune the individual alerts within the package. For example, you could use this hook to ignore notices associated with SSH on port 2222/tcp, if that were normal in your environment.