| | py-idstools | SNORT-GUI |
|---|---|---|
| Mentions | 1 | 1 |
| Stars | 268 | 17 |
| Growth | - | - |
| Activity | 5.6 | 7.7 |
| Last commit | 6 months ago | 8 months ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
py-idstools
- Regex Challenge - Field Extraction
I like this a lot. We have an in-house Snort 2 forwarder that does a similar thing with https://github.com/jasonish/py-idstools and forwards the result directly using HEC. We could use the same code base for dnstap if we wanted.
SNORT-GUI
- What (inexpensive) IDS would you recommend?
If you're looking for an inexpensive IDS, Snort may be the way to venture. They regularly update their community rules to zero-day vulnerabilities, but a knowledge of configuring and running Snort is required. Would recommend checking out: https://github.com/WhiteHatCyberus/SNORT-GUI
What are some alternatives?
snort-rules - An UNOFFICIAL Git Repository of Snort Rules (IDS rules) Releases. [UnavailableForLegalReasons - Repository access blocked]
Malcolm - Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
wazuh-ruleset - Wazuh - Ruleset
pyp0f - p0f v3 with impersonation spoofing, written in Python - Accurately guess the OS of a packet with passive fingerprinting.
dgad - DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
nfstream - NFStream: a Flexible Network Data Analysis Framework.
scapy - Scapy: the Python-based interactive packet manipulation program & library.
nSpector - A tool to take Nmap scans, and store the results in a queryable database.
StratosphereLinuxIPS - Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.