mirror of
https://github.com/fabacab/awesome-cybersecurity-blueteam.git
synced 2024-12-11 00:34:29 -05:00
6.1 KiB
6.1 KiB
Awesome Cybersecurity Blue Team
A collection of awesome resources, tool, and other shiny things for cybersecurity blue teams.
Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. For offensive TTPs, please see awesome-pentest.
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.
Contents
- Firewalling distributions
- Honeypots
- Host-based tools
- Network Security Monitoring (NSM)
- Network perimeter defenses
- Security Information and Event Management (SIEM)
- Service and performance monitoring
- Threat intelligence, analytics, and reporting
- Tor Onion service defenses
- Transport-layer defense
Firewalling distributions
- OPNsense - FreeBSD based firewall and routing platform.
- pfSense - Firewall and router FreeBSD distribution.
Honeypots
See also awesome-honeypots.
- CanaryTokens - Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.
Host-based tools
- Artillery - Combination honeypot, filesystem monitor, and alerting system designed to protect Linux and Windows operating systems.
- Fail2Ban - Intrusion prevention software framework that protects computer servers from brute-force attacks.
Network Security Monitoring (NSM)
- Bro - Powerful network analysis framework focused on security monitoring.
- Snort - Widely-deployed, Free Software IPS capable of real-time packet analysis, traffic logging, and custom rule-based triggers.
- SpoofSpotter - Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
- Suricata - Free, cross-platform, IDS/IPS with on- and off-line analysis modes and deep packet inspection capabilities that is also scriptable with Lua.
- Wireshark - Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
- netsniff-ng - Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (
flowtop
), traffic generator (trafgen
), and autonomous system (AS) trace route utility (astraceroute
).
Network perimeter defenses
- fwknop - Protects ports via Single Packet Authorization in your firewall.
Security Information and Event Management (SIEM)
- AlienVault OSSIM - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat Exchange (OTX).
- Fast Incident Response (FIR) - Cybersecurity incident management platform allowing for easy creation, tracking, and reporting of cybersecurity incidents.
- Prelude SIEM OSS - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous popular monitoring tools.
Service and performance monitoring
- Icinga - Modular redesign of Nagios with pluggable user interfaces and an expanded set of data connectors, collectors, and reporting tools.
- Nagios - Popular network and service monitoring solution and reporting platform.
- OpenNMS - Free and feature-rich networking monitoring system supporting multiple configurations, a variety of alerting mechanisms (email, XMPP, SMS), and numerous data collection methods (SNMP, HTTP, JDBC, etc).
Threat intelligence, analytics, and reporting
- GRASSMARLIN - Provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) by passively mapping, accounting for, and reporting on your ICS/SCADA network topology and endpoints.
- Unfetter - Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework.
Tor Onion service defenses
- OnionBalance - Provides load-balancing while also making Onion services more resilient and reliable by eliminating single points-of-failure.
- Vanguards - Version 3 Onion service guard discovery attack mitigation script (intended for eventual inclusion in Tor core).
Transport-layer defenses
- OpenVPN - Open source, SSL/TLS-based virtual private network (VPN).
License
This work is licensed under a Creative Commons Attribution 4.0 International License.