Lynis是基于UNIX的系统的安全审计,主要目标是测试安全防御并提供进一步系统强化的提示
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
翻译 - 本指南详细介绍了如何创建安全的Linux生产系统。 OpenSCAP(C2S / CIS,STIG)。
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
翻译 - immudb是用于系统和应用程序的轻量级高速不可变数据库
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
翻译 - OSSEC是基于开源主机的入侵检测系统,它执行日志分析,文件完整性检查,策略监视,rootkit检测,实时警报和主动响应。
Security automation content in SCAP, Bash, Ansible, and other formats
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra...
翻译 - LunaSec - 安全性和合规性 SDK,可阻止软件中的数据泄漏。只需几行代码,LunaSec 就在您的堆栈中添加了零信任架构、独特的每记录加密以及针对 XSS、SQL 注入和 RCE 等常见安全问题的保护。在这里现场试用:https://app.lunasec.dev
Wazuh - Docker containers
翻译 - Wazuh - Docker containers
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT...
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Wazuh - Project documentation
This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.
SIAC is an enterprise SIEM built on open-source technology.
Wazuh - Tools for packages creation