OpenCatalog, curated by FLOSSK

Browse & filter

Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.

8 tools match your filters

Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.

Tags: malware, detection, threat-hunting, ir

High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.

Tags: ids, ips, network, soc, detection

Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.

Tags: kubernetes, runtime, containers, cncf, detection

Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.

Tags: ebpf, runtime, containers, linux, detection

Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.

Tags: detection, siem, rules, threat-hunting, yaml

eBPF-based security observability and runtime enforcement: process/exec monitoring, network hooks, and kill primitives integrated with Cilium.

Tags: ebpf, kubernetes, runtime-security, cilium, detection

Honorable mention

Open Windows EDR-oriented agent using Sysmon/ETW feeds with detection-driven artifact collection and MISP/Elastic export.

Tags: edr, windows, sysmon, detection, artifacts

Thinkst low-interaction honeypot daemon emulating services (SSH, HTTP, SMB, etc.) to generate tamper-evident intrusion signals.

Tags: honeypot, deception, detection, network, sensor