The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system. The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.
Tags: siem elk elk-stack elasticsearch security

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
Tags: intrusion-detection siem threat-intelligence security-analytics threat-analytics monitoring

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their detection methods once and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.
Tags: security elasticsearch monitoring splunk logging ids signatures sysmon siem

Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
Tags: security-framework cyber-crime anomoly-detection monitoring security big-data threat-intelligence security-analytics opensoc siem threat-analytics

This repository hosts content for aiding administrators in collecting security-relevant Windows event logs using Windows Event Forwarding (WEF). This repository is a companion to the Spotting the Adversary with Windows Event Log Monitoring paper. The list of events in this repository is more up to date than the one in the paper. See LICENSE.
Tags: event-log siem

The network telemetry engine for data-driven security investigations. High-Throughput Ingestion: import numerous log formats at over 100k events/second, including Zeek, Suricata, JSON, and CSV.
Tags: security network-forensics incident-response actor-model bitmap-index siem soc threathunting

Dsiem is a security event correlation engine for the ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookups/queries against threat intelligence and vulnerability information sources, and produces risk-adjusted alarms.
Tags: security elasticsearch logstash elk siem ossim

Sagan uses a 'Snort-like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc).
Tags: security ids ips siem log syslog nsm log-monitoring

A collective list of public JSON APIs for use in security.
Tags: awesome-list security siem json-api

Collect endpoint information for use in incident response, threat hunting, live forensics, baseline monitoring, etc. Info is pulled from currently running processes or their executables on disk.
Tags: threat hunt red blue purple team incident response baseline monitor analysis scan log forensics triage recon threat-hunting security soc siem

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share them with the community. These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to the Windows EventLog, and you can then forward it to your event collector.
Tags: blueteam dfir mitre-attack sysmon siem redteam powershell

Version 1.3.0 was a limited release and is no longer available, but 1.4.2 includes all its features. Read on for an overview and installation instructions. The sample Splunk connector is a Splunk add-on that captures security events from the Akamai Security Events Collector, which exposes a RESTful API that lets the connector pull events in JSON format. The Splunk add-on converts security event data from JSON into CIM format. The Splunk instance then analyzes high volumes of data by indexing it.
Tags: siem splunk

Enterprise Application Access (EAA) comes with a full suite of APIs. Yet you need to write scripts or use Postman to be able to interact with the service. With Akamai CLI you can run very common operations directly from the command line, no coding required.
Tags: logs siem cli-eaa

Akamai SIEM CEF Connector for HP ArcSight
Tags: cef siem arcsight

LogESP is a SIEM (Security Information and Event Management system) written in Python Django. It features a web frontend, and handles log management and forensics, risk management, and asset management. LogESP was designed and built as a security application, and minimalism can be good for security.
Tags: siem risk-management risk-assessment vulnerability-management security security-tools secops security-audit web-application asset-management log-management log-analysis log-collector log forensics security-analysis security-awareness syslog log-parser log-monitoring

Siemstress is a lightweight but powerful security information and event management (SIEM) system. It uses a database and a suite of CLI tools for managing log events and automating event analysis. It comes with four programs: siemparse, siemquery, siemtrigger, and siemmanage. Siemstress is designed to parse data and organize it into prioritized, manageable streams of relevant information. The goal is a streamlined open source information management system that embodies Unix design principles. It should be simple, modular, and useful beyond its original scope.
Tags: log syslog log-analysis log-analytics forensics security security-tools log-management log-monitoring log-collector log-analyzer siem security-analysis security-awareness parser parsing command-line cli secops