Alternatives and similar repositories for zeek_anomaly_detector

Users that are interested in zeek_anomaly_detector are comparing it to the libraries listed below

• 0xtf / nsm-attack
  Mapping NSM rules to MITRE ATT&CK
  ☆71Updated 4 years ago
• SCILabsMX / yaraZeekAlert
  This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…
  ☆62Updated last year
• vlegoy / rcATT
  A python app to predict Att&ck tactics and techniques from cyber threat reports
  ☆124Updated last year
• hgascon / security-datasets
  A collection of resources for security data
  ☆41Updated 7 years ago
• zeek / zeek-training
  Zeek Training Materials/Products
  ☆37Updated last month
• elcabezzonn / Pcaps
  ☆49Updated last year
• dgunter / ParseZeekLogs
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Updated 2 years ago
• michalpurzynski / zeek-scripts
  zeek-scripts
  ☆44Updated 6 years ago
• fhightower / ioc-finder
  Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…
  ☆167Updated last year
• zeek / zeek-agent
  This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
  ☆123Updated 4 years ago
• DynamiteAI / dynamite-nsm
  DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…
  ☆170Updated 2 years ago
• cmu-sei / cyobstract
  A tool to extract structured cyber information from incident reports.
  ☆80Updated 6 years ago
• tylabs / dovehawk
  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
  ☆121Updated 4 years ago
• MISP / misp-objects
  Definition, description and relationship types of MISP objects
  ☆99Updated 2 weeks ago
• corelight / zeek-community-id
  Zeek support for Community ID flow hashing.
  ☆35Updated 2 years ago
• yukh1402 / cti-stix-diamond-activity-attack-graph
  STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling
  ☆33Updated 7 months ago
• amzn / zeek-plugin-enip
  Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
  ☆45Updated last year
• Kirtar22 / ATTACK-Threat_Intel
  Graph Representation of MITRE ATT&CK's CTI data
  ☆48Updated 5 years ago
• 0xtf / testmynids.org
  A website and framework for testing NIDS detection
  ☆57Updated 3 years ago
• MISP / MISP-STIX-Converter
  A utility repo to assist with converting between MISP and STIX formats
  ☆68Updated 4 years ago
• InQuest / ThreatKB
  Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
  ☆102Updated last month
• tenzir / threatbus
  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
  ☆263Updated 2 years ago
• blacktop / docker-zeek
  Zeek IDS Dockerfile
  ☆101Updated 2 years ago
• oasis-open / cti-stix-visualization
  OASIS TC Open Repository: Lightweight visualization for STIX 2.0 objects and relationships
  ☆151Updated 2 months ago
• StamusNetworks / suricata-4-analysts
  The Security Analyst’s Guide to Suricata
  ☆56Updated 2 months ago
• zeek / packages
  The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
  ☆138Updated last week
• freetaxii / stix2-graphics
  Graphics, icons, and diagrams to support STIX 2
  ☆46Updated 4 years ago
• neu5ron / TMInfosec
  Repository of all the sites related to infosec IP/Domain/Hash/SSL/etc OSINT and eventually will include more.
  ☆66Updated last year
• SecurityNik / Data-Science-and-ML
  ☆40Updated 3 months ago
• csirtgadgets / cif-v5
  The FASTEST way to consume threat intel.
  ☆68Updated 2 years ago