Alternatives and similar repositories for threatbus

Users that are interested in threatbus are comparing it to the libraries listed below

• tenzir / tenzir

  View on GitHub
  Tenzir is the data pipeline engine for security teams.
  ☆719Updated this week
• SecurityRiskAdvisors / RedTeamSIEM

  View on GitHub
  Repository of resources for configuring a Red Team SIEM using Elastic
  ☆101Jul 10, 2018Updated 7 years ago
• tenzir / zeek-tenzir

  View on GitHub
  Enables Zeek to communicate with Tenzir
  ☆11Jul 20, 2023Updated 2 years ago
• tylabs / dovehawk

  View on GitHub
  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
  ☆122Jul 12, 2021Updated 4 years ago
• CriticalPathSecurity / Zeek-Intelligence-Feeds

  View on GitHub
  Zeek-Formatted Threat Intelligence Feeds
  ☆384Updated this week
• SecurityRiskAdvisors / sra-taxii2-server

  View on GitHub
  TAXII 2.0 Server implemented in Node JS with MongoDB backend
  ☆12Jan 3, 2023Updated 3 years ago
• traut / stixview

  View on GitHub
  STIX2 graph visualisation library in JS
  ☆95Feb 7, 2026Updated last week
• csirtgadgets / bearded-avenger

  View on GitHub
  CIF v3 -- the fastest way to consume threat intelligence
  ☆183Apr 20, 2023Updated 2 years ago
• tenzir / dockerized-zeek

  View on GitHub
  Dockerized Zeek
  ☆12Mar 9, 2024Updated last year
• InQuest / ThreatIngestor

  View on GitHub
  Extract and aggregate threat intelligence.
  ☆902Jan 31, 2024Updated 2 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• opencybersecurityalliance / firepit

  View on GitHub
  Firepit - STIX Columnar Storage
  ☆17Jun 5, 2024Updated last year
• MISP / misp-training

  View on GitHub
  MISP trainings, threat intel and information sharing training materials with source code
  ☆422Dec 17, 2025Updated last month
• activecm / rita-legacy

  View on GitHub
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,514Jan 12, 2026Updated last month
• mitre-attack / bzar

  View on GitHub
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆620Jun 26, 2024Updated last year
• corelight / cve-2021-44228

  View on GitHub
  Log4j Exploit Detection Logic for Zeek
  ☆19Nov 25, 2025Updated 2 months ago
• yeti-platform / yeti

  View on GitHub
  Your Everyday Threat Intelligence
  ☆1,949Updated this week
• theparanoids / rdfp

  View on GitHub
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆40Jun 20, 2023Updated 2 years ago
• certtools / intelmq

  View on GitHub
  IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
  ☆1,107Dec 2, 2025Updated 2 months ago
• fhightower / ioc-finder

  View on GitHub
  Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…
  ☆179Nov 16, 2023Updated 2 years ago
• MISP / misp-book

  View on GitHub
  User guide of MISP
  ☆283Dec 31, 2024Updated last year
• oasis-open / cti-python-stix2

  View on GitHub
  OASIS TC Open Repository: Python APIs for STIX 2
  ☆414Feb 9, 2026Updated last week
• corelight / community-id-spec

  View on GitHub
  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
  ☆193Sep 23, 2024Updated last year
• thalesgroup-cert / Watcher

  View on GitHub
  Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.
  ☆1,121Updated this week
• Patrowl / PatrowlEngines

  View on GitHub
  PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
  ☆247Jan 14, 2026Updated last month
• ninoseki / mihari

  View on GitHub
  A query aggregator for OSINT based threat hunting
  ☆930Jan 23, 2026Updated 3 weeks ago
• DynamiteAI / dynamite-nsm

  View on GitHub
  DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…
  ☆172May 23, 2023Updated 2 years ago
• xme / fpc

  View on GitHub
  Full Packet Capture for the Masses
  ☆14Sep 13, 2018Updated 7 years ago
• target / strelka

  View on GitHub
  Real-time, container-based file scanning at enterprise scale
  ☆974Updated this week
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆532Jan 13, 2026Updated last month
• mitre-attack / attack-workbench-taxii-server

  View on GitHub
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆42Jan 20, 2026Updated 3 weeks ago
• opensourcesec / Forager

  View on GitHub
  Multithreaded threat Intelligence gathering built with Python3
  ☆177Jan 23, 2018Updated 8 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,263Jan 21, 2026Updated 3 weeks ago
• JustinAzoff / gotm

  View on GitHub
  Full packet capture with flow cutoff, rotation, and compression
  ☆15Sep 18, 2018Updated 7 years ago
• OTRF / OSSEM-DM

  View on GitHub
  OSSEM Detection Model
  ☆184Oct 11, 2022Updated 3 years ago
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆289Jan 15, 2024Updated 2 years ago
• opencybersecurityalliance / stix-shifter

  View on GitHub
  This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return resul…
  ☆260Feb 9, 2026Updated last week
• ioc-fang / ioc-fanger

  View on GitHub
  Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
  ☆68Oct 2, 2023Updated 2 years ago