Showing 36 of 60 projects
A comprehensive, evolving guide to hardening a Linux server with practical steps and security best practices.
A SQL-powered framework for instrumenting, monitoring, and analyzing operating systems across Linux, macOS, and Windows.
A daemon that scans log files and bans IP addresses with too many failed authentication attempts using firewall rules.
An open-source unified XDR and SIEM platform for threat prevention, detection, and response across endpoints and cloud workloads.
An open-source, participative security engine that detects and blocks malicious IPs using crowdsourced threat intelligence.
A curated list of awesome honeypot resources, tools, and related components for cybersecurity research and defense.
A malicious traffic detection system that monitors network traffic for blacklisted threats and suspicious activities using public feeds and heuristics.
An SSH tarpit that slowly sends an endless banner to trap and waste attackers' time.
A lightweight network IP scanner with a web GUI that monitors hosts, sends notifications, and exports data to Grafana.
An open-source platform for collecting, storing, sharing, and acting upon cybersecurity threat intelligence and indicators.
Open Source Host-based Intrusion Detection System performing log analysis, file integrity checking, rootkit detection, and active response.
A curated list of open-source and research tools for capturing, analyzing, and processing network packet captures (PCAP files).
A Linux distribution for threat hunting, enterprise security monitoring, and log management.
Open source Runtime Application Self-Protection (RASP) solution that integrates security directly into application servers via instrumentation.
A modular, low-resource network honeypot that mimics services to detect breaches and alert on attacker interactions.
A centralized management and data collection server for deploying and monitoring multiple honeypot sensors.
Deploy honeytokens across your network to detect unauthorized access and data exfiltration attempts.
A suite of network fingerprinting standards for TLS, TCP, HTTP, SSH, and other protocols to facilitate threat detection and security analysis.
A high-performance packet capture solution that buffers all network traffic to disk for fast retrieval of specific subsets.
A lightweight SSH honeypot that logs all connection attempts and activity without executing commands.
A medium interaction SSH honeypot that logs brute force attacks and attacker shell interactions.
A Linux distribution for network detection and response (NDR) built around Suricata, providing a complete NDR platform.
Database security suite providing field-level encryption, SQL injection prevention, and intrusion detection for sensitive data.
A lightweight utility to generate malicious network traffic patterns for evaluating security controls and network visibility.
An extensible open-source framework for running, monitoring, and managing honeypots to detect and analyze cyber threats.
An open-source blue team tool that protects Linux and Windows systems via honeypots, monitoring, and alerting.
A Python package with 30 low- to high-interaction honeypots for monitoring network traffic, bots, and credential attacks.
A dynamic binary analysis framework based on QEMU for whole-system taint analysis and security research.
A low-interaction honeypot that emulates vulnerable services to capture malware and analyze attacks.
A real-time anomaly detection algorithm for dynamic graph streams, identifying intrusions, fraud, and fake ratings with constant memory and update time.
A scalable, modular object scanner and intrusion detection system that extracts, flags, and enriches files with metadata.
A low-interaction SSH honeypot that logs attacker IPs, usernames, and passwords for security intelligence.
A network fingerprinting standard that identifies SSH client and server implementations via MD5 hashes of algorithm sets.
A honeytoken-based tripwire for detecting Active Directory credential theft and privilege escalation attempts.
A web-based GUI for viewing and managing Suricata EVE security events stored in Elasticsearch or SQLite.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.