Open-source Security Operations Center (SOC) and Incident Response tools.

  1. HELK
    A threat-hunting platform (Hunting ELK) built on open-source components such as Elasticsearch, Kibana, and Apache Kafka, enabling real-time security event processing and analysis.

  2. Graylog
    A log management tool for collecting, indexing, and analyzing machine data to identify anomalies, investigate issues, and visualize performance trends.

  3. Velociraptor
    A powerful endpoint monitoring and digital forensics tool that provides real-time querying and response capabilities for investigating cybersecurity incidents.

  4. Velociraptor Exchange
    A repository of community-shared Velociraptor artifacts for performing endpoint investigations, such as scripts, queries, and configuration templates.

  5. Wazuh
    An open-source security platform offering threat detection, compliance management, and incident response across diverse IT infrastructures.

  6. ElastiFlow
    A network flow monitoring and analytics solution built on the Elastic Stack, enabling visibility into network performance and security.

  7. Arkime
    A large-scale, open-source network traffic capture and analysis tool designed for security monitoring and network troubleshooting.

  8. osquery
    A tool to query and investigate the state of an operating system using SQL-like syntax, offering insights into system behavior and security posture.

  9. TheHive
    An open-source Security Incident Response Platform (SIRP) for managing and investigating security incidents collaboratively.

  10. Cortex
    A powerful observables analysis engine that automates the enrichment of threat intelligence data to support incident response activities.

  11. Shuffle
    An open-source security automation platform for building workflows to streamline threat response, investigation, and IT operations.

  12. IRIS Web
    A platform for collaborative incident response and investigation that centralizes case management, evidence handling, and analysis.

  13. MISP
    A threat intelligence platform for sharing, storing, and analyzing security incidents and indicators of compromise (IOCs).

  14. Jupyter
    An interactive computational environment for creating and sharing documents with live code, visualizations, and narrative text, used extensively in data science and research.

  15. Suricata
    A high-performance network threat detection engine capable of intrusion detection (IDS), intrusion prevention (IPS), and network monitoring.

  16. Zeek
    A network security monitor that analyzes traffic for unusual patterns, providing insights into potential threats through detailed protocol analysis.

  17. VECTR
    A tool for managing adversary emulation and attack simulation exercises, enabling the evaluation of defensive capabilities and security posture.

  18. SOC OpenSource
    A curated list of open-source tools for building and enhancing Security Operations Centers (SOC), focusing on detection, analysis, and response.