Alternatives and similar repositories for Malcolm

Users that are interested in Malcolm are comparing it to the libraries listed below

• mitre-attack / bzar
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆589Updated 10 months ago
• threathunters-io / laurel
  Transform Linux Audit logs for SIEM usage
  ☆763Updated this week
• CriticalPathSecurity / Zeek-Intelligence-Feeds
  Zeek-Formatted Threat Intelligence Feeds
  ☆361Updated this week
• teoseller / osquery-attck
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆791Updated 2 years ago
• philhagen / sof-elk
  Configuration files for the SOF-ELK VM
  ☆1,583Updated last month
• cyb3rfox / Aurora-Incident-Response
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆903Updated last year
• MISP / x_old_misp_docker
  MISP Docker (XME edition)
  ☆282Updated last year
• cisagov / Malcolm
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆2,118Updated this week
• TheHive-Project / Cortex-Analyzers
  Cortex Analyzers Repository
  ☆460Updated last week
• secureworks / dalton
  Suricata, Snort and Zeek IDS rule and pcap testing system
  ☆477Updated 4 months ago
• mitre-attack / car
  Cyber Analytics Repository
  ☆937Updated this week
• center-for-threat-informed-defense / attack-workbench-frontend
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆354Updated last week
• olafhartong / ThreatHunting
  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  ☆1,156Updated last year
• tclahr / uac
  UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It …
  ☆965Updated 3 weeks ago
• TonyPhipps / SIEM
  SIEM Tactics, Techiques, and Procedures
  ☆627Updated last week
• corelight / zeek-cheatsheets
  Zeek Log Cheatsheets
  ☆291Updated 2 years ago
• coolacid / docker-misp
  A (nearly) production ready Dockered MISP
  ☆231Updated last year
• wagga40 / Zircolite
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆712Updated last month
• StamusNetworks / scirius
  Scirius is a web application for Suricata ruleset management and threat hunting.
  ☆649Updated last month
• dfirtrack / dfirtrack
  DFIRTrack - The Incident Response Tracking Application
  ☆498Updated 8 months ago
• mitre-attack / attack-datasources
  This content is analysis and research of the data sources currently listed in ATT&CK.
  ☆409Updated last year
• TheHive-Project / Cortex
  Cortex: a Powerful Observable Analysis and Active Response Engine
  ☆1,422Updated 6 months ago
• center-for-threat-informed-defense / attack-flow
  Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…
  ☆607Updated last week
• TheHive-Project / CortexDocs
  Documentation of Cortex
  ☆174Updated last year
• atc-project / atomic-threat-coverage
  Actionable analytics designed to combat threats
  ☆984Updated 2 years ago
• V1D1AN / S1EM
  This project is a SIEM with SIRP and Threat Intel, all in one.
  ☆437Updated 5 months ago
• Neo23x0 / munin
  Online hash checker for Virustotal and other services
  ☆825Updated last month
• atc-project / atc-react
  A knowledge base of actionable Incident Response techniques
  ☆635Updated 2 years ago
• OTRF / OSSEM
  Open Source Security Events Metadata (OSSEM)
  ☆1,266Updated 2 years ago
• OTRF / Security-Datasets
  Re-play Security Events
  ☆1,641Updated last year