Elasticsearch

Orochi is a collaborative forensic memory dump analysis framework.

Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.

Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.

Browse a library of EQL analytics now natively integrated in Elasticsearch.

Syrup is a Go-based SSH honeypot that simulates SSH services with fake shells, session recording, and comprehensive logging to monitor and analyze unauthorized access attempts.

Elastic is a search-powered AI company that enables users to find answers from all data in real-time at scale.

ElastAlert is a framework for alerting on anomalies in Elasticsearch data.

Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.

A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.

SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.

A honeypot system that detects and identifies attack commands, recon attempts, and download commands, mimicking a vulnerable Elasticsearch instance.

A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.