Alternatives and similar repositories for sysflow

Users that are interested in sysflow are comparing it to the libraries listed below

• redcanaryco / redcanary-ebpf-sensor
  Red Canary's eBPF Sensor
  ☆108Updated last month
• Gui774ume / network-security-probe
  A process level network security monitoring and enforcement project for Kubernetes, using eBPF
  ☆43Updated 5 years ago
• StamusNetworks / suricata-language-server
  Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…
  ☆78Updated last month
• mole-ids / mole
  Yara powered NIDS with high speed packet capture powered by PF_RING
  ☆69Updated last year
• OISF / suricata-verify
  Suricata Verification Tests - Testing Suricata Output
  ☆112Updated 2 weeks ago
• zeek / zeek-agent-v2
  Open source endpoint agent providing host information to Zeek. [v2]
  ☆85Updated 3 weeks ago
• falcosecurity / event-generator
  Generate a variety of suspect actions that are detected by Falco rulesets
  ☆106Updated 2 months ago
• falcosecurity / rules
  Falco rule repository
  ☆130Updated last week
• rad-security / fingerprints
  A repository to store Rad Fingerprinting data.
  ☆24Updated last year
• falcosecurity / driverkit
  Kit for building Falco drivers: kernel modules or eBPF probes
  ☆66Updated this week
• Cisco-Talos / osquery_queries
  Cisco Orbital - Osquery queries by Talos
  ☆134Updated 11 months ago
• elastic / ebpf
  Elastic's eBPF
  ☆69Updated 3 weeks ago
• zeek / zeek-agent
  This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
  ☆123Updated 4 years ago
• spyre-project / spyre
  simple YARA-based IOC scanner
  ☆169Updated this week
• Gui774ume / krie
  Linux Kernel Runtime Integrity with eBPF
  ☆180Updated last year
• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated last month
• OpenSCAP / oval-graph
  Understand OVAL results in a blink of an eye
  ☆35Updated 3 years ago
• brimdata / brimcap
  Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
  ☆83Updated 3 months ago
• sealingtech / EDCOP
  Expandable Defensive Cyber Operations Platform
  ☆43Updated 2 years ago
• vulsio / go-cti
  Build a local copy of MITRE ATT&CK and CAPEC. Server mode for easy querying.
  ☆33Updated last month
• Zeerg / helix-honeypot
  K8s API Honeypot with Active Defense Capabilities
  ☆40Updated last year
• redcanaryco / ebpfmon
  ☆89Updated last year
• linux-lock / bpflock
  bpflock - eBPF driven security for locking and auditing Linux machines
  ☆149Updated 3 years ago
• chainguard-dev / osqtool
  Automated testing, generation & manipulation of #osquery packs
  ☆73Updated 9 months ago
• vulsio / go-cpe-dictionary
  Build a local copy of CPE(Common Platform Enumeration)
  ☆103Updated last month
• aquasecurity / vuln-list-update
  ☆185Updated this week
• ossec / ossec-rules
  A repository for OSSEC rules and decoders
  ☆54Updated last year
• corelight / zeek-long-connections
  Zeek package for tracking long connections to report them before they have completed.
  ☆30Updated 3 weeks ago
• ancat / egrets
  egrets monitors egress
  ☆46Updated 5 years ago
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆71Updated 2 years ago