Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Updated Apr 16, 2021
A Linux packet crafting tool.
Respounder detects the presence of Responder in the network.
An open standard for hashing network flows into identifiers, a.k.a. "Community IDs".
Mapping NSM rules to MITRE ATT&CK
A Zeek Network Security Monitor tutorial that covers the basics of creating a Zeek instance on your network, along with all of the necessary hardware and setup, and finally provides some examples of how you can use the power of Zeek to have absolute control over your network.
A website and framework for testing NIDS detection
Real-time Packet Observation Tool
Automation of VPC Traffic Mirror Sessions in AWS
Highly customizable low-interaction experimental honeypot that mimics specific hosts.
Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
A Python implementation of the Community ID flow hashing standard
A machine learning program that detects denial-of-service attacks using machine learning techniques.
Go implementation of the Community ID flow hashing standard
A set of tools and procedures for automating NSM and NIDS deployments in AWS
This TA takes Suricata5 data from your port-mirrored Suricata server and makes it readable within Splunk. See Cheatsheets on how to set up a Suricata port-mirrored server.
This repository shows all the hands-on experience on Palo Alto Firewall, assignments and projects I have done in my Palo Alto specialization journey.
Templates for writing applications using the Zeek NSM communication library Broker
Linux Network Defense Scripting (BASH)
A full-fledged iptables firewall automation framework for Linux with log monitoring.