nsm

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Suricata git repository maintained by the OISF

The Hybrid/Multi-cloud IP Service Mesh

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

Passive DNS Capture and Monitoring Toolkit

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

The tool for updating your Suricata rules.

A Suricata Docker image.

The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.

Suricata rules for network anomaly detection

Cyber Defence Monitoring Course Suite :: Suricata, Moloch and others

Assists music production by grouping standalone programs into sessions. Community version of "Non Session Manager".

Mapping NSM rules to MITRE ATT&CK

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Documentation for Zeek

A package manager for Zeek

A curated list of awesome things related to Suricata

Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt