High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
Classic packet-sniffing IDS/IPS with rule language and community rule feeds; Snort 3 improves scaling.
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
Open cyber threat intelligence platform with knowledge graph, connectors (MISP, STIX/TAXII), and investigation UI.
Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
Observable analysis engine powering TheHive: run analyzers and responders against IOCs via a unified API.
Open-source security automation (SOAR) with visual workflows, webhooks, and app integrations for SOC glue code.
Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
Linux distribution and platform bundling Zeek, Suricata, Elastic stack, and analyst UIs for NSM and log hunting.
Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VT, and webhooks.
Analyze files, IPs, domains, and URLs in one request by fanning out to many free and threat-intelligence analyzers (YARA, PE, DNS, etc.).
