Alternatives and similar repositories for s4a:

Users that are interested in s4a are comparing it to the libraries listed below

• automayt / FlowPlotter
  Generates visualizations from the output of flow tools such as SiLK.
  ☆35Updated 8 years ago
• spitfire55 / MegaDev
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Updated 6 years ago
• Intevation / intelmq-mailgen
  IntelMQ command line tool to process events and send out email notifications.
  ☆9Updated 3 weeks ago
• DCSO / MISP-dockerized
  ☆33Updated 4 years ago
• tribalchicken / postfix-cuckoolyse
  A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox
  ☆11Updated 9 years ago
• sfakiana / FIRST-CTI-2019
  References for FIRST CTI 2019 Symposium presentation
  ☆22Updated 6 years ago
• ncsa / bro-doctor
  ☆23Updated 5 years ago
• initconf / scan-NG
  scan-detection policies for bro
  ☆16Updated 2 months ago
• fl0x2208 / ThreatHunting
  An informational repo about hunting for adversaries in your IT environment.
  ☆14Updated 8 years ago
• BreakingMalwareResearch / YetiToElastic
  YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack
  ☆16Updated 4 years ago
• defensivedepth / Sysmon_OSSEC
  OSSEC Decoder & Rulesets for Sysmon Events
  ☆15Updated 9 years ago
• enisaeu / Reference-Security-Incident-Taxonomy-Task-Force
  This repository hosts files relating to the TF-CSIRT Reference Security Incident Taxonomy Working Group.
  ☆64Updated this week
• JustinAzoff / flow-indexer
  Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files
  ☆44Updated 11 months ago
• fireeye / brocapi
  Bro PCAP Processing and Tagging API
  ☆28Updated 7 years ago
• MISP / mail_to_misp
  Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
  ☆69Updated last year
• ncsa / bro-simple-scan
  ☆14Updated 11 months ago
• dgunter / ParseZeekLogs
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Updated 2 years ago
• Concinnity-Risks / LogisticalBudget
  This project contains code for comparing or ranking APT capabilities and operational capacity. The metrics are meant to quantify, rank, o…
  ☆35Updated 6 years ago
• CERT-Bund / yara-exporter
  Exporting MISP event attributes to yara rules usable with Thor apt scanner
  ☆24Updated 8 years ago
• micrictor / smbfp
  Zeek package to generate a SMB client fingerprint
  ☆27Updated 4 years ago
• JustinAzoff / can-i-use-afpacket-fanout
  Validate if afpacket PACKET_FANOUT_HASH is working properly
  ☆25Updated 2 years ago
• DCSO / balboa
  server for indexing and querying passive DNS observations
  ☆45Updated 3 weeks ago
• DearBytes / Opensource-Endpoint-Monitoring
  This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
  ☆34Updated 5 years ago
• eCrimeLabs / MISP2CbR
  Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.
  ☆19Updated 2 years ago
• corelight / http-stalling-detector
  Detect HTTP stalling attacks like slowloris with Bro
  ☆19Updated 7 years ago
• xme / cuckoomx
  CuckooMX is a project to automate analysis of files transmitted over SMTP (using the Cuckoo sandbox)
  ☆41Updated 12 years ago
• dougiep16 / actortrackr
  Home to the ActorTrackr source code
  ☆24Updated 7 years ago
• mohlcyber / OpenDXL-MISP-IntelMQ-Output
  Automated OpenDXL Output information via IntelMQ
  ☆14Updated 7 years ago
• theparanoids / rdfp
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆39Updated last year
• defensivedepth / Pertinax
  Integrating Sysinternals Autoruns’ logs into Security Onion
  ☆31Updated last year