Network Analysis

  • Wireshark: A widely-used network protocol analyzer for packet-level captures and real-time analysis.
  • pfSense: A free, open-source firewall and routing platform.
  • Arkime: A packet capture and indexing tool designed for high-performance network analysis and security monitoring.
  • Snort: An open-source network intrusion detection system (NIDS) that analyzes traffic for suspicious activity.

Incident Management

  • TheHive: An open-source, scalable incident response and case management platform that enables analysts to collaborate, analyze, and remediate security incidents.
  • GRR Rapid Response: An incident response framework for remotely accessing and managing endpoints.

Threat Intelligence

  • MISP: A free, open-source threat intelligence platform for collecting, sharing, and correlating Indicators of Compromise (IOCs).
  • MSTICPy: A Python package for security investigation and threat hunting using Microsoft Security Graph and other data sources.

EDR

  • Cortex XDR: A cloud-based endpoint detection and response (EDR) platform that provides advanced threat detection, investigation, and response capabilities.
  • Cynet 360: An autonomous breach protection platform that combines endpoint protection, EDR, and automated investigation and remediation.
  • FortiEDR: An endpoint detection and response (EDR) solution that provides real-time visibility and automated response to advanced threats.

OS Analysis

  • HELK: The Hunting ELK (Elasticsearch, Logstash, and Kibana) stack for threat hunting and security analytics.
  • Volatility: An advanced memory forensics framework for analyzing Windows, Linux, and macOS memory dumps.
  • Wazuh: An open-source security monitoring solution that collects and analyzes host-based security data, including log analysis, file integrity monitoring, and intrusion detection.
  • RegRipper: A free, open-source Windows Registry analysis tool.
  • OSSEC: An open-source host-based intrusion detection system (HIDS) that performs log analysis, file integrity monitoring, and rootkit detection.
  • osquery: An open-source, cross-platform SQL-powered operating system instrumentation, monitoring, and analytics framework.

Honeypots

  • Kippo: A low-interaction SSH honeypot written in Go.
  • Cowrie: A medium-interaction SSH and Telnet honeypot.
  • Dockpot: A high-interaction Docker honeypot.
  • HonSSH: A high-interaction SSH honeypot.

SIEM

  • OSSIM: An open-source SIEM platform.
  • Splunk: A commercial SIEM platform.
  • LogRhythm: A commercial SIEM platform.
  • Graylog: An open-source log management and SIEM solution.