Fibratus is a modern tool for Windows kernel exploration and observability with a focus on security. It allows trapping system-wide events like process life-cycle, file system I/O, registry modifications, and network requests, providing deep operational visibility into the Windows kernel and running processes. Events can be shipped to various output sinks or captured for local inspection and forensics analysis, with a powerful filtering engine and rules engine for threat detection. Users can extend Fibratus using filaments to leverage the Python ecosystem.
FEATURES
ALTERNATIVES
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
An alternative to the auditd daemon with goals of safety, speed, JSON output, and pluggable pipelines connecting to the Linux kernel via netlink.
A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
Event Log Explorer is a software solution for viewing, analyzing, and monitoring events recorded in Microsoft Windows event logs, offering advanced features and efficient filtering capabilities.
Doorman is an osquery fleet manager that allows administrators to remotely manage the osquery configurations retrieved by nodes.
Monitor WMI consumers and processes for potential malicious activity
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.