Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Arkime is an open source, large scale, full packet capturing, indexing, and database system.
Translation - Moloch is an open source, large scale, full packet capturing, indexing, and database system.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Translation - Suricata git repository maintained by the OISF.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
The Hybrid/Multi-cloud IP Service Mesh
The tool for updating your Suricata rules.
Awesome - A curated list of awesome things related to Suricata
Suricata rules for network anomaly detection
The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
Cyber Defence Monitoring Course Suite :: Suricata, Arkime (and others in the past)
Assists music production by grouping standalone programs into sessions. Community version of "Non Session Manager".
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
A package manager for Zeek