Security Monitoring

A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.

Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security

Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.

SIEM platform for log management, threat detection, and security monitoring

Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.

Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.

Varna is an AWS serverless security tool that monitors CloudTrail logs using Event Query Language to detect and alert on suspicious activities in cloud environments.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.

An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.

A defense-in-depth security automation framework for AWS that combines threat intelligence, machine learning, and serverless technologies to prevent, detect, and respond to threats through automated security telemetry collection and analysis.

A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices

NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.

A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.

A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.

Medium interaction SSH honeypot for logging brute force attacks and shell interactions.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.

Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

Multi-honeypot platform with various honeypots and monitoring tools.