sshahriyar / totalads
Total Anomaly Detection System for software logs and traces
☆10 · Updated 9 years ago
Alternatives and similar repositories for totalads:
Users that are interested in totalads are comparing it to the libraries listed below
- Network timing evaluation used to detect beacons, works with Argus flow as the source ☆20 · Updated 8 years ago
- Python library to normalize Yara signatures ☆19 · Updated 4 years ago
- Random scripts for log mining, intel gathering, network querying, and other incident response-ish activities ☆16 · Updated 2 years ago
- Simple parser for Splunk Processing Language (SPL) written in Python. ☆35 · Updated 6 years ago
- Mine patterns from logs ☆27 · Updated 8 years ago
- Network forensics tool to parse pcap and provide visualizations using D3.js ☆15 · Updated 11 years ago
- Flow-Indexer indexes flows found in chunked log files from bro, nfdump, syslog, or pcap files ☆44 · Updated 10 months ago
- User anomaly detector based on logs generated by the Osquery framework, using machine learning to process those logs. ☆33 · Updated 7 years ago
- Debian and Red Hat packaging for SIE DNS sensor ☆15 · Updated last year
- Logging plugin for Bro to send logs to a Kafka broker ☆20 · Updated 7 years ago
- POC IDS anomaly detection engine built with iPython notebook, matplotlib, pandas, numpy, scikit-learn, d3.js, hyperloglog implementation,… ☆79 · Updated 10 years ago
- ssdeep based clustering tool ☆14 · Updated 9 years ago
- A collection of Yara rules I have created so far ☆16 · Updated 4 years ago
- Zeek plugin to generate data on per-packet sizes and intervals ☆14 · Updated 4 years ago
- Utility for parsing Bro log files into CSV or JSON format ☆41 · Updated 2 years ago
- Feed for various malicious IPs such as malware and botnets ☆12 · Updated 8 years ago
- An open source pcap packet and NetFlow file analysis tool using Hadoop MapReduce and Hive. ☆43 · Updated 11 years ago
- Help summarize a PCAP file ☆33 · Updated 13 years ago
- Hogzilla is an Intrusion Detection System (IDS) supported by Snort, Apache Spark, HBase and libnDPI, which provides Network Anomaly Detec… ☆28 · Updated 6 years ago
- Exporting MISP event attributes to Yara rules usable with the Thor APT scanner ☆24 · Updated 8 years ago
- A Zeek package that detects Zoom logins and meeting joins ☆12 · Updated 4 years ago
- The FastIR Server is a web server to schedule FastIR Collector forensic collections via the FastIR Agent ☆12 · Updated 7 years ago
- Incremental Machine Learning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes ☆15 · Updated 2 years ago
- Download all packet captures from http://malware-traffic-analysis.net/ ☆20 · Updated 10 years ago
- The Auditd Framework logs and applies security policy to Linux auditd data ☆15 · Updated 7 years ago
- Flame - Send vulnerability reports to SIEM ☆15 · Updated 8 years ago
- Yara rules for crypto detection ☆30 · Updated 10 years ago