SIEM & Threat Detection OSS tools — 17 tracked with release & CVE alerts

Zircolite Healthy open source

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Splunk Security Content Healthy open source

Splunk Security Content

Maltrail Mixed open source

Malicious traffic detection system

Zeek Healthy open source

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

crowdsec At Risk open source 1 tracking

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

Canary Tokens Mixed open source

Generates lightweight, embedded honeypot triggers called canary tokens for detecting unauthorized access.

Netcap Mixed open source

A framework for secure and scalable network traffic analysis - https://netcap.io

Fail2Ban-Report At Risk open source

Web-based dashboard for Fail2Ban log filtering and blocklist control

Sigma Healthy open source

Main Sigma Rule Repository

YARA At Risk open source

The pattern matching swiss knife

Intel Owl Mixed open source

IntelOwl: manage your Threat Intelligence at scale

PlumHound At Risk open source

Bloodhound Reporting for Blue and Purple Teams

Hayabusa Mixed open source

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

ntopng Mixed open source

Web-based Traffic and Security Network Traffic Monitoring

wazuh Healthy open source

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

tirreno At Risk open source

tirreno is an open-source security framework. Event tracking, threat detection, and risk scoring for any application.

hollows_hunter At Risk open source

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Tools