Defensive Security Tools

Cortex: a Powerful Observable Analysis and Active Response Engine

Digging Deeper....

Adversary tradecraft detection, protection, and hunting

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Cuckoo Sandbox is an automated dynamic malware analysis system

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Snort++

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.