Security Monitoring

An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.

OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.

CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.

CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.

A honeypot agent for running honeypots with service and data at threatwar.com.

ElastAlert is a framework for alerting on anomalies in Elasticsearch data.

Automate AWS security checks and centralize security alerts.

A command-line tool that analyzes local CloudTrail files to detect off-instance AWS key usage patterns for security monitoring and forensic analysis.

Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.

A comprehensive dashboard for managing and monitoring honeypots with detailed information on attack attempts and connections.

Cloud Inquisitor is an AWS security tool that monitors resource ownership, detects domain hijacking, verifies security services, and manages IAM policies across multiple accounts.

A centralized tool for security monitoring and analysis that integrates various open source big data technologies.

Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.

A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.

An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.

An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.

Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.

PrismX is a cloud security dashboard that provides centralized AWS security monitoring based on CIS benchmarks with JIRA integration for issue management.

SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.

A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.

RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.

Comprehensive suite of tools and resources by Microsoft Azure for ensuring security and protection of data and applications in the cloud.