
Detection and Hunting Signatures

Free

A set of interrelated network and host detection rules with the aim of improving detection and hunting visibility and context. Where applicable, each Snort rule includes metadata indicating the corresponding Yara and ClamAV rules, each Yara signature includes metadata pointing to the corresponding Snort and ClamAV rules, and so on.

Supported Rules: Currently, Snort 3, Yara and ClamAV rules are supported. Additional signatures and formats are a work in progress.

Scripts: Currently, the only scripts available are used to aid in auto-generation of hash-based and certificate-based Yara rules.


ALTERNATIVES

Smart traffic sniffing tool for penetration testers

Linux packet crafting tool for testing IDS/IPS and creating attack signatures.

Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.

An analyzer for parsing GQUIC traffic in Zeek, supporting versions Q039 to Q046, with a fingerprinting method named 'CYU' for detecting anomalous GQUIC traffic.

Repository of pcap traces for evaluating Network Intrusion Detection Systems in HVAC systems.

A network detection and response platform that combines AI-driven behavioral analytics with collaborative threat intelligence sharing across organizations to provide early warning of cyber attacks.

A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.

A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
