Monitoring

Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.

An Event Hub to gather, process, and monitor system events and link them to an inventory.

CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.

A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.

AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.

A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.

Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.

Cloud Inquisitor is an AWS security tool that monitors resource ownership, detects domain hijacking, verifies security services, and manages IAM policies across multiple accounts.

Ice is an AWS cloud cost management tool that provides multi-level visibility into cloud spending and resource utilization to support informed reservation purchases and resource optimization decisions.

A repository providing guidance on collecting security-relevant Windows event logs using Windows Event Forwarding (WEF).

A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Honeyntp is an NTP honeypot and logging tool that captures NTP packets into a Redis database to detect DDoS attacks and monitor network time protocol traffic.

Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.

RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.

Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.

Do Not Disturb is a free open-source macOS security tool that detects unauthorized physical access to laptops.

Security Monkey monitors AWS, GCP, and OpenStack environments for policy changes and insecure configurations, providing historical tracking and alerting capabilities through a centralized interface.

A command line tool that counts and inventories AWS resources across multiple regions, providing visibility into cloud infrastructure with efficient API querying.

A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.

A testing tool that generates suspect actions to validate and test Falco runtime security monitoring rulesets.

An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.