secureworks / daltonLinks
Suricata, Snort and Zeek IDS rule and pcap testing system
☆498Updated 2 weeks ago
Alternatives and similar repositories for dalton
Users that are interested in dalton are comparing it to the libraries listed below
Sorting:
- The tool for updating your Suricata rules.☆280Updated this week
- idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)☆281Updated 2 months ago
- Scirius is a web application for Suricata ruleset management and threat hunting.☆667Updated 3 weeks ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆446Updated last year
- Suricata rules for network anomaly detection☆173Updated 5 months ago
- a network packet capture compiler☆202Updated 3 years ago
- Mapping the MITRE ATT&CK Matrix with Osquery☆801Updated 2 years ago
- Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search☆469Updated last week
- The Python SDK for AlienVault OTX☆387Updated last year
- PCAP Samples for Different Post Exploitation Techniques☆365Updated 4 years ago
- Some results of my DGA reversing efforts☆676Updated last week
- A Linux Auditd rule set mapped to MITRE's Attack Framework☆811Updated 5 years ago
- Defanged Indicator of Compromise (IOC) Extractor.☆550Updated last year
- Suricata Verification Tests - Testing Suricata Output☆114Updated this week
- Indicators from Unit 42 Public Reports☆724Updated last month
- This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)☆107Updated 4 years ago
- Super Next generation Advanced Reactive honEypot☆469Updated last year
- A set of Zeek scripts to detect ATT&CK techniques.☆607Updated last year
- FireEye Publicly Shared Indicators of Compromise (IOCs)☆469Updated 6 years ago
- Zeek IDS Dockerfile☆101Updated 2 years ago
- Mirror of https://github.com/zeek/zeek☆176Updated 2 years ago
- Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.☆353Updated 4 years ago
- Suricata IDS/IPS log analytics using the Elastic Stack.☆239Updated 4 years ago
- Tool to extract indicators of compromise from security reports in PDF format☆439Updated 2 years ago
- The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).☆548Updated 2 years ago
- Extract and aggregate threat intelligence.☆885Updated last year
- Python Script to access ATT&CK content available in STIX via a public TAXII server☆568Updated 9 months ago
- Elemental - An ATT&CK Threat Library☆319Updated 2 years ago
- Clusters and elements to attach to MISP events or attributes (like threat actors)☆583Updated this week
- Cyber Analytics Repository☆962Updated 4 months ago