brimdata/brimcap
Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Related projects:
- Open source endpoint agent providing host information to Zeek. [v2]
- PcapMonkey provides an easy way to analyze pcaps using the latest versions of Suricata and Zeek.
- Simple YARA-based IOC scanner
- PacketSifter is a tool/script that is designed to aid analysts in sifting through a packet capture (pcap) to find noteworthy traffic. Pac…
- Suricata Verification Tests - Testing Suricata Output
- Suricata rule and intel index
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…
- Suricata rules for network anomaly detection
- Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
- Cisco Orbital - Osquery queries by Talos
- A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
- MITRE Engage™ is a framework for conducting Denial, Deception, and Adversary Engagements.
- Look into EDR events from the network
- Osquery Resources
- IoT and Operational Technology Honeypot
- tshark + ELK analytics virtual machine
- YaraScanner is a file pattern-matching tool based on YARA rules.
- Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation
- A CALDERA plugin
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
- A forensic evidence acquirer
- go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project (https…
- Lua plugin to extract data from Wireshark and convert it into MISP format
- Growing collection of Spicy-based protocol and file analyzers for Zeek
- A CALDERA plugin
- firedrill is a malware simulation harness for evaluating your security controls