
Open-Source Blue Team & Threat Detection

by @releaseport · 10 tools

Detect, correlate, and respond to intrusions — host-based SIEMs, network IDS, DFIR endpoint agents, log analyzers, deception traps, and community detection rules.

wazuh open source

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

crowdsec open source

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

Velociraptor open source

Velociraptor: an endpoint visibility and collection tool for digital forensics and incident response, driven by its own query language (VQL) for hunting across fleets of hosts. Project tagline: "Digging Deeper...."

Canary Tokens open source

Generates lightweight, embedded honeypot triggers called canary tokens for detecting unauthorized access.

Sigma open source

The main Sigma rule repository: community detection rules written in Sigma, the generic, vendor-neutral signature format for log events that can be converted into SIEM and EDR query languages.

fail2ban open source

Daemon that scans log files and bans hosts that cause multiple authentication errors within a time window, applying the ban through firewall rules.

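How fail2ban's threshold logic works, as an added Python example that is not fail2ban's own code: it parses constructed sshd failure lines, keeps a sliding window of failures per source IP, and bans an address once it accumulates maxretry failures within findtime. The defaults assumed here (5 failures in 10 minutes, banned for 10 minutes) mirror fail2ban's, and the log lines are constructed with TEST-NET addresses. Real fail2ban enforces the ban through a firewall action; this example only records the decision.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in traditional syslog format (not real logs; TEST-NET addresses).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51123 ssh2
Mar  3 10:00:04 host sshd[1203]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Mar  3 10:00:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar  3 10:00:07 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51125 ssh2
Mar  3 10:00:08 host sshd[1206]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar  3 10:00:09 host sshd[1207]: Failed password for bob from 198.51.100.5 port 40001 ssh2
Mar  3 10:00:10 host sshd[1208]: Failed password for root from 203.0.113.7 port 51127 ssh2
Mar  3 10:30:00 host sshd[1209]: Failed password for bob from 198.51.100.5 port 40002 ssh2
"""

# Matches only sshd password failures; "invalid user" lines are included, successes are not.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failures(log_text):
    """Yield (timestamp, source_ip) for each authentication failure; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults it, which is fine for deltas.
        ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
        yield ts, m.group("ip")


def ban_decisions(log_text, maxretry=5, findtime=timedelta(minutes=10),
                  bantime=timedelta(minutes=10)):
    """Return [(ip, banned_at, banned_until)] using a per-IP sliding window of failures.

    An IP is banned when it has at least `maxretry` failures inside the last `findtime`.
    Failures that arrive while a ban is active are skipped, as the firewall would drop them.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned_until = {}             # ip -> expiry of the current ban
    bans = []
    for ts, ip in parse_failures(log_text):
        if ip in banned_until and ts < banned_until[ip]:
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:   # expire failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans.append((ip, ts, ts + bantime))
            banned_until[ip] = ts + bantime
            window.clear()        # start counting afresh once the ban expires
    return bans


if __name__ == "__main__":
    for ip, at, until in ban_decisions(SAMPLE_AUTH_LOG):
        print(f"ban {ip} at {at:%H:%M:%S} until {until:%H:%M:%S}")
```

With the defaults, 203.0.113.7 is banned on its fifth failure at 10:00:08 and its 10:00:10 attempt is ignored, while 198.51.100.5 never reaches the threshold because its two failures are half an hour apart and the first has already left the window.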
Zeek open source

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Maltrail open source

Malicious traffic detection system

Hayabusa open source

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

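What the Sigma and Hayabusa entries above have in common is applying a Sigma rule to event records, so here is an added Python example (not code from either project) that evaluates a small subset of Sigma against constructed Windows process-creation events: a `selection` whose fields are ANDed and whose list values are ORed, the `contains`/`startswith`/`endswith` modifiers, and a `condition` built from `and`, `or`, `not` and parentheses. String matching is case-insensitive, as Sigma's default is. The rule, the hypothetical allowlisted parent process in its `filter`, and the events are all constructed for the example; wildcards, aggregations and the `1 of`/`all of` forms of real Sigma are deliberately left out.

```python
import re

# A Sigma rule written as the Python equivalent of its YAML (constructed for this example,
# not taken from the Sigma repository). The parent process in "filter" is hypothetical.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-encodedcommand"],
        },
        "filter": {"ParentImage|endswith": "\\deploy_agent.exe"},
        "condition": "selection and not filter",
    },
}

# Constructed process-creation events, shaped like fields extracted from Windows event logs.
SAMPLE_EVENTS = [
    {"EventID": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAo",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgAIAAo",
     "ParentImage": r"C:\Program Files\Deploy\deploy_agent.exe"},
    {"EventID": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 4688, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc test",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def _value_matches(actual, pattern, modifier):
    """Compare one event field against one rule value, case-insensitively."""
    if actual is None:
        return False
    a, p = str(actual).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in a
    if modifier == "startswith":
        return a.startswith(p)
    if modifier == "endswith":
        return a.endswith(p)
    return a == p            # no modifier: exact (case-insensitive) equality


def _selection_matches(selection, event):
    """All keys of a selection must match; a list value matches if any element does."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        patterns = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(event.get(field), p, modifier) for p in patterns):
            return False
    return True


def evaluate_condition(condition, results):
    """Evaluate a condition over named selection results (and/or/not/parentheses)."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()
            value = value or rhs
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        if tokens[pos] == "(":
            pos += 1
            value = parse_or()
            pos += 1                 # consume the closing parenthesis
            return value
        name = tokens[pos]
        pos += 1
        return results[name]         # an undefined selection name is a rule bug: fail loudly

    return parse_or()


def rule_matches(rule, event):
    """True if the event satisfies the rule's condition."""
    detection = rule["detection"]
    results = {name: _selection_matches(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], results)


def hunt(rules, events):
    """Return (rule title, event index) for every event that each rule matches."""
    return [(rule["title"], i) for rule in rules
            for i, event in enumerate(events) if rule_matches(rule, event)]


if __name__ == "__main__":
    for title, index in hunt([RULE], SAMPLE_EVENTS):
        print(f"{title}: {SAMPLE_EVENTS[index]['CommandLine']}")
```

Only the first event fires: the second is suppressed by the `filter` (allowlisted parent), the third has no encoded command, and the fourth is not powershell.exe at all even though its command line contains "-enc".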
Intel Owl open source

IntelOwl: manage your Threat Intelligence at scale

