quadrantsec / sagan
Sagan is a multi-threads, high performance log analysis engine. At it's core, Sagan similar to Suricata/Snort but with logs rather than network packets.
☆168Updated 2 weeks ago
Alternatives and similar repositories for sagan:
Users that are interested in sagan are comparing it to the libraries listed below
- Suricata rules for network anomaly detection☆159Updated 3 weeks ago
- Open source endpoint agent providing host information to Zeek. [v2]☆80Updated 5 months ago
- DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…☆170Updated last year
- ☆29Updated this week
- The Security Analyst’s Guide to Suricata☆55Updated 10 months ago
- Suricata Verification Tests - Testing Suricata Output☆105Updated this week
- The OTX Suricata Rule Generator can be used to create the rules and configuration for Suricata to alert on indicators from your OTX accou…☆109Updated 11 months ago
- The tool for updating your Suricata rules.☆270Updated last week
- Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search☆453Updated last week
- A curated list of awesome things related to Suricata☆164Updated last month
- A Ruleset to enhance detection capabilities of Ossec using Sysmon☆92Updated 3 years ago
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆397Updated 2 weeks ago
- Open Source Security Information and event Management☆90Updated 9 years ago
- PcapMonkey will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.☆153Updated 3 weeks ago
- Suricata Extreme Performance Tuning guide - Mark II☆116Updated 7 years ago
- OwlH Master API☆24Updated 11 months ago
- Passive Real-time Asset Detection System☆236Updated 10 months ago
- Tool for managing Zeek deployments.☆54Updated 3 weeks ago
- Meer is a "spooler" for Suricata / Sagan.☆29Updated last year
- Collection of various open-source an commercial rulesets for NIDS (especially for Suricata and Snort)☆23Updated last year
- Suricata Extreme Performance Tuning guide☆207Updated 7 years ago
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.☆261Updated 2 years ago
- fast, extensible, versatile event router for Suricata's EVE-JSON format☆50Updated this week
- Suricata, Snort and Zeek IDS rule and pcap testing system☆474Updated 3 months ago
- Scirius is a web application for Suricata ruleset management and threat hunting.☆646Updated 4 months ago
- Docker configurations for TheHive, Cortex and 3rd party tools☆120Updated 2 years ago
- ☆53Updated last week
- Mapping NSM rules to MITRE ATT&CK☆71Updated 4 years ago
- Zeek IDS Dockerfile☆101Updated 2 years ago
- Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)☆80Updated 6 months ago