Kali Linux 2023.1 introduces 'Purple' distro for defensive security

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • kali-purple

  • https://gitlab.com/kalilinux/kali-purple/documentation/-/raw...

  • pentoo-overlay

    Gentoo overlay for security tools as well as the heart of the Pentoo Livecd

  • Probably of less broad appeal but another option to add to the mix for anyone who happens to be running Gentoo is the Pentoo overlay https://github.com/pentoo/pentoo-overlay

    The Github repo is also a nice browseable categorised directory tree of security tooling

  • Malcolm

    Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • The heavy lifting of this is CISA's Malcolm [1]. Unfortunately the blog post only provides a non-linked bullet to it [2]. Seth Grover, the main driver behind Malcolm, put a lot of effort over the years into creating a turnkey soc-in-a-box distro that works especially well for a network-first approach. Endpoint isn't neglected, but the focus on Zeek, Suricata, Arkime shows the primary visibility drivers. This is not surprising, because CISA also developed a bunch of custom ICS protocol dissectors that provide visibility (DNP3, Modbus, etc.). The list is impressive [3]. All of this is turnkey available by running Malcolm. Especially for OT, where we have a lot more unmanaged black boxes and networks that you don't wanna actively scan (factories have been brought down this way), passively watching is a safe and powerful approach.

    It's a bit unfortunate that Kali didn't give the props to Seth's project (not even an outbound link). Perhaps this was just an oversight, or a spotlight blog post is coming later, but I hope that the history of this gets properly acknowledged, because it's darn clear where this comes from.

    [1]: https://github.com/cisagov/Malcolm

    [2]: https://www.kali.org/blog/kali-linux-2023-1-release/

    [3]: https://cisagov.github.io/Malcolm/docs/protocols.html

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  • I wish there was also wazuh [1] included. That's where open source EDR is currently at.

    [1] https://wazuh.com/
