Security Monitoring

A defense-in-depth security automation framework for AWS that combines threat intelligence, machine learning, and serverless technologies to prevent, detect, and respond to threats through automated security telemetry collection and analysis.

A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices

NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.

A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.

A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.

Medium interaction SSH honeypot for logging brute force attacks and shell interactions.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.

Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

Multi-honeypot platform with various honeypots and monitoring tools.

An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.

OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.

CloudTrail Partitioner automates the creation and management of partitioned Athena tables for AWS CloudTrail logs with nightly partition updates.

CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.

Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.

A honeypot agent for running honeypots with service and data at threatwar.com.

ElastAlert is a framework for alerting on anomalies in Elasticsearch data.

Automate AWS security checks and centralize security alerts.

A command-line tool that analyzes local CloudTrail files to detect off-instance AWS key usage patterns for security monitoring and forensic analysis.

Mana Security is a macOS-focused vulnerability management tool that continuously monitors 100+ applications for security vulnerabilities and tracks patching performance against community benchmarks.