Browse 2,190 threat detection tools
IBM QRadar is a SIEM solution for real-time threat detection.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
AI-driven XDR platform for endpoint security with threat prevention and detection
An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
Official repository of YARA rules for threat detection and hunting
Free cyber threat intelligence feeds for proactive threat detection
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
Automated DFIR platform for rapid incident investigation and endpoint triage
Hybrid cloud security platform with workload and network protection
SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
Amazon GuardDuty is a threat detection service for AWS accounts.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.