Falco Rules
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
TCPFLOW is a tool for capturing data transmitted as part of TCP connections. It can be easily installed on most GNU/Linux distributions using package managers like apt or dnf, or built from source by running the necessary configuration scripts and compiling the code. Additionally, the development tree can be downloaded from the GitHub repository for more advanced users.
Tcpreplay is a suite of open-source utilities for editing and replaying captured network traffic.
A Yara scanner for IMAP feeds and saved streams, extracting attachments and scanning them with chosen Yara rule files.
An extended traceroute tool for CSIRT operators with advanced features.
Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.