184 Open source projects that are alternatives of or similar to nsm-attack

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

OpenCTI connectors

Signatures and IoCs from public Volexity blog posts.

CyCAT.org API back-end server including crawlers

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

A website and framework for testing NIDS detection

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

⚔️MITRE ATT&CK Machinations in R

Elemental - An ATT&CK Threat Library

A Suricata Docker image.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter

collector for XDR and security posture service

Network Service Mesh examples repo

An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

A curses-style interface for automatic takedown notification based on MISP events.

Microsoft Sentinel SOC Operations

recon-ng modules for Censys

An extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

This project is a SIEM with SIRP and Threat Intel, all in one.

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

Ayashige provides a list of suspicious newly updated domains as a JSON feed

Threat Hunting queries for various attacks

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)

Malware Sample Sources

Threat research and reporting from IronNet's Threat Research Teams

Application for keeping feeds from FireHOL https://github.com/firehol/blocklist-ipsets with IP addresses appearance history. HTTP-based API service is developed for search requests.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

#ThreatHunting #DFIR #Malware #Detection Mind Maps

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Intelligent threat hunter and phishing servers

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/

Defund the Police.

Ansible playbook automation for pfelk

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

RDP honeypot

Capture passwords of login attempts on non-existent and disabled accounts.

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

OpenCTI Python Client

A (nearly) production ready Dockered MISP

Tracking APT IOCs

intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2.

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

server for indexing and querying passive DNS observations

A set of tools and procedures for automating NSM and NIDS deployments in AWS

The Ultimate OSINT and Threat Hunting Framework

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

ThePhish: an automated phishing email analysis tool

A python module for working with ATT&CK

Best practices in threat intelligence

MITRE Shield website

pcapdj - dispatch pcap files

Collection of best practices to add OSINT into MISP and/or MISP communities

All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns

Documentation for Zeek