Alternatives and similar repositories for Malcolm

Users that are interested in Malcolm are comparing it to the libraries listed below

• cisagov / Malcolm

  View on GitHub
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆2,334Jan 30, 2026Updated 2 weeks ago
• activecm / rita-legacy

  View on GitHub
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,514Jan 12, 2026Updated last month
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆778Feb 6, 2026Updated last week
• CriticalPathSecurity / Zeek-Intelligence-Feeds

  View on GitHub
  Zeek-Formatted Threat Intelligence Feeds
  ☆384Updated this week
• 0xtf / testmynids.org

  View on GitHub
  A website and framework for testing NIDS detection
  ☆57Aug 29, 2021Updated 4 years ago
• cisagov / ICSNPP

  View on GitHub
  Industrial Control Systems Network Protocol Parsers
  ☆189Sep 4, 2025Updated 5 months ago
• Velocidex / velociraptor

  View on GitHub
  Digging Deeper....
  ☆3,747Feb 5, 2026Updated last week
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆861Jan 20, 2022Updated 4 years ago
• arkime / arkime

  View on GitHub
  Arkime is an open source, large scale, full packet capturing, indexing, and database system.
  ☆7,300Updated this week
• cutaway-security / cutsec_presentations

  View on GitHub
  Presentation Slides and Resources
  ☆16Jun 12, 2024Updated last year
• mmguero-dev / Malcolm

  View on GitHub
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆30Updated this week
• theparanoids / spicy-noise

  View on GitHub
  A Spicy protocol analyzer for WireGuard
  ☆29Aug 11, 2020Updated 5 years ago
• corelight / zeek-community-id

  View on GitHub
  Zeek support for Community ID flow hashing.
  ☆37Jul 11, 2023Updated 2 years ago
• mmguero-dev / Malcolm-PCAP

  View on GitHub
  This repository has been archived in favor of https://github.com/idaholab/Malcolm-Test-Artifacts
  ☆37Dec 11, 2024Updated last year
• mnemonic-no / SNIcat

  View on GitHub
  SNIcat
  ☆128Aug 19, 2021Updated 4 years ago
• target / strelka

  View on GitHub
  Real-time, container-based file scanning at enterprise scale
  ☆974Updated this week
• Yamato-Security / hayabusa

  View on GitHub
  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
  ☆3,014Feb 4, 2026Updated last week
• tenzir / dockerized-zeek

  View on GitHub
  Dockerized Zeek
  ☆12Mar 9, 2024Updated last year
• idaholab / Malcolm-Helm

  View on GitHub
  Helm charts for deploying Malcolm
  ☆16Jan 29, 2026Updated 2 weeks ago
• zeek / spicy-analyzers

  View on GitHub
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Sep 16, 2024Updated last year
• SigmaHQ / sigma

  View on GitHub
  Main Sigma Rule Repository
  ☆10,109Updated this week
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,901Jul 6, 2024Updated last year
• StamusNetworks / Clear-NDR-ISO

  View on GitHub
  A Suricata based NDR distribution
  ☆1,590Sep 13, 2025Updated 5 months ago
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,440Oct 12, 2025Updated 4 months ago
• InQuest / ThreatIngestor

  View on GitHub
  Extract and aggregate threat intelligence.
  ☆902Jan 31, 2024Updated 2 years ago
• OpenCTI-Platform / opencti

  View on GitHub
  Open Cyber Threat Intelligence Platform
  ☆8,212Updated this week
• brimdata / zui

  View on GitHub
  Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.
  ☆1,925Feb 3, 2026Updated last week
• intelowlproject / IntelOwl

  View on GitHub
  IntelOwl: manage your Threat Intelligence at scale
  ☆4,445Updated this week
• mandiant / ThreatPursuit-VM

  View on GitHub
  Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysi…
  ☆1,301Jun 1, 2023Updated 2 years ago
• cutaway-security / ICSPcapViz

  View on GitHub
  A packet capture visualizer for industrial control networks.
  ☆55Dec 4, 2023Updated 2 years ago
• Cyb3rWard0g / HELK

  View on GitHub
  The Hunting ELK
  ☆3,913Jun 1, 2024Updated last year
• kevoreilly / CAPEv2

  View on GitHub
  Malware Configuration And Payload Extraction
  ☆2,991Feb 6, 2026Updated last week
• brimdata / brimcap

  View on GitHub
  Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
  ☆92Apr 25, 2025Updated 9 months ago
• cisagov / icsnpp-opcua-binary

  View on GitHub
  Zeek OPCUA Binary Parser - CISA ICSNPP
  ☆21Nov 19, 2025Updated 2 months ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆226May 1, 2021Updated 4 years ago
• dfir-iris / iris-web

  View on GitHub
  Collaborative Incident Response platform
  ☆1,384Jan 27, 2026Updated 2 weeks ago
• The-DFIR-Report / Suricata-Rules

  View on GitHub
  ☆11Jun 12, 2023Updated 2 years ago
• corelight / zeek-quic

  View on GitHub
  Bro analyzer that detects Google's QUIC protocol
  ☆10Mar 2, 2021Updated 4 years ago
• zeek / zeek-af_packet-plugin

  View on GitHub
  Plugin providing native AF_Packet support for Zeek.
  ☆33Oct 22, 2025Updated 3 months ago