#Ids
Showing 35 of 35 repositories tagged #ids, ranked by stars
Daemon to ban hosts that cause multiple authentication errors
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Main Sigma Rule Repository
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Real-time HTTP Intrusion Detection
WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
A curated list of amazingly awesome Cybersecurity datasets
A Suricata based NDR distribution
CLOSE ACCESS DENIAL.
Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
Wazuh - Docker containers
Super short, fully unique, non-sequential and URL friendly Ids
Open-Source Security Architecture | 开源安全架构
Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
Wazuh - Ruleset
Plugins for Wazuh Dashboard
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
Wazuh - Ansible playbook
teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks.
Suricata rules for network anomaly detection
I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump, IDS (Suricata), SIEM (Splunk, Chronicle), and Python automation.
Code for our USENIX Security 2021 paper -- CADE: Detecting and Explaining Concept Drift Samples for Security Applications
Simple Implementation of Network Intrusion Detection System. KddCup'99 Data set is used for this project. kdd_cup_10_percent is used for training test. correct set is used for test. PCA is used for dimension reduction. SVM and KNN supervised algorithms are the classification algorithms of project. Accuracy : %83.5 For SVM , %80 For KNN
This tool parses log data and allows to define analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use.
Wazuh - RESTful API
Import specific data sources into the Sigma generic and open signature format.
A kubernetes controller running on bare-metal firewalls, creating nftables rules, configures suricata, collects network metrics
My network monitoring solution and tools that go along with it.
Powerful Kernel Windows Platform for Malware Analysis, SRE, Forensics & Threat Hunting
This repository includes code for the AutoML-based IDS and adversarial attack defense case studies presented in the paper "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis" published in IEEE Transactions on Network and Service Management.
🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.
This repository includes code for the paper "Towards Autonomous Cybersecurity: An Intelligent AutoML Framework for Autonomous Intrusion Detection" accepted in AutonomousCyber, ACM CCS, 2024.
Investigating attacks using Splunk Enterprise logs and creating SPL intrusion detection searches based on known attacker TTPs and anomaly behavior derived from statistical baselines
Machine Learning-based Intrusion Detection System (IDS) tailored for resource-constrained networks
Este proyecto es un simulador de ciberseguridad diseñado para entornos educativos. Permite a estudiantes practicar técnicas de ataque y defensa en un entorno controlado, replicando situaciones reales de ciberseguridad sin riesgo para sistemas en producción.