|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Trivy||19,407||56||a day ago||204||November 06, 2023||198||apache-2.0||Go|
|Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more|
|Nuclei||15,502||10||a day ago||381||September 16, 2023||195||mit||Go|
|Fast and customizable vulnerability scanner based on a simple YAML-based DSL.|
|Bettercap||14,791||24 days ago||61||April 21, 2021||169||other||Go|
|The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.|
|Trufflehog||12,756||6||6||4 days ago||42||April 28, 2021||188||agpl-3.0||Go|
|Find and verify credentials|
|Routersploit||11,548||14 days ago||108||other||Python|
|Exploitation Framework for Embedded Devices|
|Rustscan||11,148||1||3 months ago||18||November 07, 2022||128||gpl-3.0||Rust|
|🤖 The Modern Port Scanner 🤖|
|Dirsearch||10,552||6 days ago||8||October 03, 2022||60||Python|
|Web path scanner|
|Awesome Security||10,497||18 days ago||16||mit|
|A collection of awesome software, libraries, documents, books, resources and cool stuff about security.|
|Vuls||10,386||3 days ago||162||November 20, 2023||79||gpl-3.0||Go|
|Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices|
|Tsunami Security Scanner||7,940||4||2 months ago||18||July 25, 2023||41||apache-2.0||Java|
|Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.|
These resources are intended to guide a SIEM team to...
Without covering the basics, there isn't much point in having a SIEM. Harden your environment and configure appropriate auditing on all endpoints.
To detect an attacker, one must be equipped with the necessary logs to reveal their activities. Here we use a matrix to map detection tactics to attacker tactics (MITRE ATT&CK).
Once the necessary logs are collected (detection tactics), use various methods to reveal anomalous, suspicious, and malicious activity.
Use Cases provide a means to document solutions for many reasons including tracking work, uniform response, content recreation, metrics & reporting, making informed decisions, avoiding work duplication, and more.
Enrichment can add significant value to some ingested logs. Typically it results either in a new field being added to events or in a lookup table that is used for filtering or for filling in a field.
Set up a lab with a Windows system, a SIEM, and an attacking system to aid in detection research and development.