Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
☆2,344Feb 19, 2026Updated 2 weeks ago
Alternatives and similar repositories for Malcolm
Users that are interested in Malcolm are comparing it to the libraries listed below
Sorting:
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆457Feb 19, 2026Updated 2 weeks ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,515Jan 12, 2026Updated last month
- Detect Tactics, Techniques & Combat Threats☆2,264Jan 21, 2026Updated last month
- Re-play Security Events☆1,725Mar 20, 2024Updated last year
- Digging Deeper....☆3,784Updated this week
- Configuration files for the SOF-ELK VM☆1,720Jan 21, 2026Updated last month
- Arkime is an open source, large scale, full packet capturing, indexing, and database system.☆7,310Updated this week
- Automate the creation of a lab environment complete with security tooling and logging best practices☆4,908Jul 6, 2024Updated last year
- Cybersecurity Evaluation Tool☆1,770Updated this week
- Your Everyday Threat Intelligence☆1,954Feb 12, 2026Updated 3 weeks ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,492Jan 12, 2026Updated last month
- Automated Adversary Emulation Platform☆6,781Updated this week
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,136Oct 19, 2025Updated 4 months ago
- A toolset to make a system look as if it was the victim of an APT attack☆2,714Sep 23, 2025Updated 5 months ago
- A repository of sysmon configuration modules☆2,987Aug 21, 2024Updated last year
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh…☆3,547Jan 20, 2026Updated last month
- RedEye is a visual analytic tool supporting Red & Blue Team operations☆2,740Oct 20, 2023Updated 2 years ago
- Main Sigma Rule Repository☆10,156Updated this week
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.☆7,496Updated this week
- MISP (core software) - Open Source Threat Intelligence and Sharing Platform☆6,150Updated this week
- Open Cyber Threat Intelligence Platform☆8,960Updated this week
- Windows Events Attack Samples☆2,517Jan 24, 2023Updated 3 years ago
- IntelOwl: manage your Threat Intelligence at scale☆4,467Updated this week
- A set of Zeek scripts to detect ATT&CK techniques.☆621Jun 26, 2024Updated last year
- Virtual Machine for Adversary Emulation and Threat Hunting☆1,313Jan 22, 2025Updated last year
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.☆1,338Dec 13, 2022Updated 3 years ago
- Real-time, container-based file scanning at enterprise scale☆977Updated this week
- The Hunting ELK☆3,912Jun 1, 2024Updated last year
- Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term o…☆2,624Dec 13, 2025Updated 2 months ago
- FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network …☆679Oct 28, 2023Updated 2 years ago
- TrustedSec Sysinternals Sysmon Community Guide☆1,372Feb 10, 2026Updated 3 weeks ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,460Updated this week
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,174Jul 26, 2023Updated 2 years ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11,632Updated this week
- Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-t…☆1,380Updated this week
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,445Feb 24, 2026Updated last week
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a…☆1,549Feb 10, 2026Updated 3 weeks ago
- ☆2,392Oct 14, 2023Updated 2 years ago
- APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …☆1,402Nov 7, 2024Updated last year