This is a compilation of some excellent open source security projects.  I will continue to update this page. Insert in comments below if you have any good reference projects or open source security tools. I am excluding the obvious ones like Metasploit and Bro for example, in this list.

Platform / Host Security

OSQuery from Facebook

Reference Link: https://osquery.io/

Github linkhttps://github.com/facebook/osquery

Commercial Comparison: The commercial equivalent functionality is with Tanium.

Description: osquery gives you the ability to query and log things like running processes, logged in users, password changes, usb devices, firewall exceptions, listening ports, and more. It allows you to easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance

OSSEC

Reference link: http://ossec.net/

Github link: https://github.com/ossec/ossec-hids

Description: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response

SIMP from National Security Agency (NSA)

Reference linkhttp://simp.readthedocs.org/en/latest/

Github linkhttps://github.com/NationalSecurityAgency/SIMP

Description: SIMP keeps networked systems compliant with given security standards. It is a configuration management and more importanly a means for automated compliance checking/validation with excellent out of box integration using Puppet, authentication with OpenLDAP, and other update options.

Cloud Security

Security Monkey from Netflix

Github linkhttps://github.com/Netflix/security_monkey

Description: Security Monkey monitors policy changes and alerts on insecure configurations in an AWS account.

CyberSecurity

GRR from Google

Github link: https://github.com/google/grr

Commercial alternative: FireEye/Mandiant’s MIR incident response platform

Description: GRR Rapid Response is an incident response framework focused on remote live forensics. It has a docker image for you to be up and running in ~2 minutes. It has cross-platform support for Linux, Mac OS X and Windows clients. It can perform live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.

ThreatExchange from Facebook

Reference link: https://developers.facebook.com/docs/threat-exchange/v2.4

Github link: https://github.com/facebook/ThreatExchange

Description: More than 90 companies are now using Facebook’s cybersecurity platform, ThreatExchange, to share security and threat information. It is a set of RESTful APIs on the Facebook Platform for querying, publishing, and sharing security threat information including exchanging details on malware, phishing pages, and other threats with either specific members of the security community.

MozDef: The Mozilla Defense Platform

Reference link: http://mozdef.readthedocs.org/en/latest/

Github link: https://github.com/jeffbryner/MozDef

Description: The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers. It allows for collaborative incident response, visualizations, and easy integration into other enterprise systems

Scumblr & Sketchy from Netflix

Github linkhttps://github.com/Netflix/Scumblr/wiki

Github linkhttps://github.com/Netflix/sketchy

Description: Scubmlr performs periodic searches and storing / taking actions on the identified results. Things to look for include compromised credentials, vulnerability / hacking discussion, attack discussion, security relevant social media discussion, etc. – anything that can help your security team keep tabs on security- and attack-related social media and Internet chatter. Sketchy works well with Scumblr by taking automatic screenshots, text scrapes, and html files before they can be taken offline. Such information can all be stored locally or on a S3 bucket on Amazon.

Skyline from Etsy

Github linkhttps://github.com/etsy/skyline

Commercial alternative: Anomaly detection system from Nagios

DescriptionSkyline is an real-time anomaly detection system to help security teams with scalable and passive monitoring of potentially hundreds of thousands of metrics. It is designed to be used wherever there are a large quantity of high-resolution timeseries which need constant monitoring. After Skyline detects an anomalous metric, it surfaces the entire timeseries to the webapp, where the anomaly can be viewed and acted upon.

AnomalyDetection from Twitter

Reference link: https://blog.twitter.com/2015/introducing-practical-and-robust-anomaly-detection-in-a-time-series

Github link: https://github.com/twitter/AnomalyDetection

Description: AnomalyDetection is an open-source R package to detect anomalies which is robust, from a statistical standpoint, in the presence of seasonality and an underlying trend.

RTIR REST API

Reference link: https://isc.sans.edu/diary/Automating+Metrics+using+RTIR+REST+API/20087

Github link: https://github.com/tcw3bb/ISC_Posts/blob/master/RTIR-phish-template.py

Description: RTIR is an open source ticketing system for incident response based on Request Tracker. This system can be built based on the Verizon VERIS taxonomy (to compare against Verizon DRIR reports) by creating custom fields that match the categories. This system supports using a REST API(3) to automate the creation of tickets

Securing the Human

Ava

Reference link: http://avasecure.com

Github linkhttps://github.com/SafeStack/ava

Description: AVA maps the realities of your organisation, its structures, and behaviours. This map of people and interconnected entities can then be tested using a unique suite of customisable on-demand and scheduled information security awareness tests. The results of this combine into a detailed risk profile of your organisation unlike any other tool can provide – from the people up.

Similar Posts:

Print Friendly, PDF & Email