idaholab / Malcolm
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
☆392Updated this week
Alternatives and similar repositories for Malcolm:
Users that are interested in Malcolm are comparing it to the libraries listed below
- Zeek-Formatted Threat Intelligence Feeds☆358Updated this week
- A set of Zeek scripts to detect ATT&CK techniques.☆583Updated 9 months ago
- SIEM Tactics, Techiques, and Procedures☆616Updated last month
- Cortex Analyzers Repository☆451Updated this week
- Mapping the MITRE ATT&CK Matrix with Osquery☆790Updated last year
- MISP Docker (XME edition)☆282Updated last year
- Suricata, Snort and Zeek IDS rule and pcap testing system☆473Updated 2 months ago
- A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.☆854Updated 7 months ago
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…☆597Updated 2 weeks ago
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,086Updated this week
- MISP trainings, threat intel and information sharing training materials with source code☆404Updated last month
- A repository of curated datasets from various attacks☆632Updated last week
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,145Updated last year
- This project is a SIEM with SIRP and Threat Intel, all in one.☆430Updated 4 months ago
- Suricata rules for network anomaly detection☆156Updated 2 weeks ago
- Actionable analytics designed to combat threats☆981Updated 2 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆896Updated last year
- Transform Linux Audit logs for SIEM usage☆754Updated this week
- ReversingLabs YARA Rules☆806Updated last week
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆706Updated this week
- A knowledge base of actionable Incident Response techniques☆632Updated 2 years ago
- Documentation of TheHive☆396Updated last year
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…☆347Updated this week
- OpenCTI Connectors☆427Updated this week
- Repository of YARA rules made by Trellix ATR Team☆585Updated 2 weeks ago
- A Ruleset to enhance detection capabilities of Ossec using Sysmon☆91Updated 2 years ago
- Configuration files for the SOF-ELK VM☆1,574Updated this week
- Open Source Security Events Metadata (OSSEM)☆1,260Updated 2 years ago
- Security event correlation engine for ELK stack☆436Updated 9 months ago
- Indicators of Compromise☆189Updated this week