Open Security Tools
- Zeek
- Sigma
- Yara
- TheHive
- Cortex
- Arkime
- Suricata
- Trivy
- Metasploit
- Burp Suite Community
- Honeypots
- OSSEC: An open source intrusion detection system that monitors log files, file integrity, rootkits, and other security-related events.
- Zeek: A powerful network analysis framework that captures and analyzes network traffic and generates logs for analysis.
- Bro/Zeek IDS: A powerful network security monitoring system that can detect and analyze network activity (Bro is the former name of Zeek).
- TheHive: An open source incident response platform used to manage and track security incidents. A scalable open source solution that provides a security incident response platform (Collaborate, Elaborate, Analyze).
- ELK Stack: A combination of Elasticsearch, Logstash, and Kibana, used to collect, parse, and visualize log data from multiple sources.
- Yara: A pattern matching tool used to identify and classify malware and other malicious files.
- Snort: An open source intrusion detection and prevention system that monitors network traffic for suspicious activity. SOC analysts can use this tool to detect and respond to attacks in real time.
- Wireshark: An open source network protocol analyzer that allows SOC analysts to capture and analyze network traffic. This tool is useful for detecting network anomalies, identifying security threats, and troubleshooting network issues.
- OSSEC: An open source host-based intrusion detection system (HIDS) that monitors server logs and system files for signs of suspicious activity. SOC analysts can use this tool to detect and respond to threats on their servers.
- Moloch (now Arkime): An open source network packet capture and indexing system that stores and analyzes large amounts of network traffic. SOC analysts can use this tool to search for specific network events and identify security incidents.
- YARA: A tool used for malware detection and classification based on pattern matching.
- Nmap: A network exploration and security auditing tool that can be used for vulnerability scanning and network mapping.
Distributions
- Security Onion
- RockNSM