108 Open source projects that are alternatives of or similar to Evebox

fast, extensible, versatile event router for Suricata's EVE-JSON format

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

The tool for updating your Suricata rules.

A Suricata Docker image.

An extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

A Suricata based IDS/IPS distro

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/

IDS using a port mirror, Snort and an alert -> RESTCONF utility

Centralize Management of Intrusion Detection System like Suricata Bro Ossec ...

An IDS implementation using machine learning

Machine learning based Intrusion detection system (IDS)

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

A workshop on Packet Crafting using Scapy.

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

This is the network diagrams, configuration guides, and hardware used for my home lab.

Wazuh - Tools for packages creation

This project is a SIEM with SIRP and Threat Intel, all in one.

Hashids, ported for Perl

Mapping NSM rules to MITRE ATT&CK

Simple Implementation of Network Intrusion Detection System. KddCup'99 Data set is used for this project. kdd_cup_10_percent is used for training test. correct set is used for test. PCA is used for dimension reduction. SVM and KNN supervised algorithms are the classification algorithms of project. Accuracy : %83.5 For SVM , %80 For KNN

Real-time detection and defense against malicious network activity and policy violations (exploits, port-scanners, advertising, telemetry, state surveillance, etc.)

A kubernetes controller running on bare-metal firewalls, creating nftables rules, configures suricata, collects network metrics

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)

dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

❄️ Extract links, ids, and names from a youtube playlist

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Wazuh - Ansible playbook

RDP honeypot

Application-embedded connectivity and zero-trust components

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

A compilation of network scanning strategies to find vulnerable devices

Hashids implementation in Rust

Ansible playbook automation for pfelk

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

Super short, fully unique, non-sequential and URL-friendly Ids

Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.

Scout - a Contactless Active Reconnaissance Tool

Sysmon configuration file template with default high-quality event tracing

pcapdj - dispatch pcap files

Wazuh - Amazon AWS Cloudformation

UTM Firewall on OpenBSD

Zeek IDS Dockerfile

Easily Expandable Wireless Intrusion Detection System

collector for XDR and security posture service

Yara powered NIDS with high speed packet capture powered by PF_RING

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Wazuh - Kibana plugin

server for indexing and querying passive DNS observations

Wazuh - Docker containers

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

Detect x86 shellcode in files and traffic.

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

BSM based intrusion detection system

IoT device indexer and search engine.