Top 11 suricatum Open-Source Projects
- Suricata: a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
- PacketStreamer: distributed tcpdump for cloud native environments.
- Malcolm: a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- Malcolm (by idaholab): a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- py-idstools: Snort and Suricata rule and event utilities in Python (including a rule update tool).
- impulse-xdr: fully automated host and network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
Also: https://github.com/deepfence/PacketStreamer

Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17

We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com
Differences to Vector:
- An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.
- Pipeline operators work with both data frames (Arrow record batches) and chunks of bytes.
- Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.
Also have an instance of S1EM - https://github.com/V1D1AN/S1EM - running, monitoring my home LAN, firewall etc. It's huge overkill, and your machine may struggle to run it if you run anything else alongside it, but it might be worth looking at.

I like this a lot. We have an in-house Snort 2 forwarder that does a similar thing with https://github.com/jasonish/py-idstools and forwards the result directly using HEC. We could use the same code base for dnstap if we wanted.
Suricata related posts
- How do I ensure safety when making a honeypot?
- How to setup a honeypot with an IDS, ELK and TLS traffic inspection
- Getting a lot of BF attempts on my server, any tips/ways to cut this out?
- Rules update during system installation
Index
What are some of the best open-source suricatum projects? This list will help you:
# | Project | Stars
---|---|---
1 | Suricata | 4,034 |
2 | PacketStreamer | 1,855 |
3 | Malcolm | 1,736 |
4 | tenzir | 609 |
5 | pulledpork | 415 |
6 | S1EM | 385 |
7 | Malcolm | 309 |
8 | py-idstools | 268 |
9 | how-to-setup-a-honeypot | 139 |
10 | impulse-xdr | 99 |
11 | SplunkDashboards | 49 |