It helps scan cloud infrastructure provisioned using Terraform, CloudFormation or Kubernetes and detects security and compliance misconfigurations.
Friday, May 15, 2020
Monday, November 11, 2019
SIEMonster - Security Information and Event Management (SIEM): built on customizable components. Included are UEBA, Bro, Suricata, TheHive, Cortex, Apache NiFi, Kafka, MISP and Wazuh.
SIEMonster is a collection of the best open source security tools plus our own development as professional hackers, providing a SIEM for everyone. We showcase the latest and greatest tools for security professionals, and our Community Edition v.4 Fully Loaded has it all. It is designed for smaller organizations, charities, classrooms, or anyone who just wants to check out our Fully Loaded SIEM. This edition is completely free, for the community and supported by the community.
Community Edition gives you the ability to monitor all network assets in an affordable, scalable solution. This single-server solution is aimed at organizations with 1-100 endpoints. To access the Community Edition you will need to sign up to the Community Portal, which is available via the download button on our website. There you will also find all the resources you need to install and learn about SIEMonster; we have created an admin guide and videos for you. You are also encouraged to interact with other Community Edition users for support, or just to share how you are using the SIEM and help out another user, after all that’s what Community is all about.
SIEMonster’s slogan is "SIEM for everyone", and this is why our prices are so affordable. Whether you are a small, medium or large enterprise, we have the right product and licensing for you.
Prerequisites:
You will need a minimum of 32GB RAM and 8 vCPUs.
Note: Community Edition will monitor up to 100 endpoints at 5,000 EPS, as it’s designed to give you a taste and allow you to play with the product for as long as you like.
When you’re ready to get serious, let us know, and we’ll help you with our other editions.
Reference: Docs | Videos
Sunday, November 3, 2019
Apache Metron: integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
Apache Metron can be used as a SIEM system. It offers the main building blocks that make up a SIEM. First, you can retain data over a long period of time.
Because Apache Metron is designed as a big data solution, it can also serve as the analytics layer over a data lake.
Simply put, a data lake is an in-house storage option for all data and sources. Business users can access and analyze the data based on their permissions. Usually the data in a data lake is stored unmodified, i.e. it is not transformed on ingest. The data lake is accessed by various analysis tools, each of which converts the data for its own use.
Nice Intro Video
Current Release: 0.7.1
Download Link:
Wednesday, October 30, 2019
A free tool that gives enterprises visibility into cyber exposure caused by the proliferation of cloud services, and the ability to tackle the visibility gap caused by unsanctioned IT.
Cofense CloudSeeker: a free utility that starts with a catalog of popular SaaS applications and checks each to see whether a domain has been configured for use. Once the scan is complete, export the data for a better understanding of potential issues.
- Gives insight into which apps are in use
- Uncovers applications provisioned without IT’s knowledge
- Uncovers risks to your organization
Link: https://cofense.com/cloudseeker/
Thursday, September 26, 2019
DocBleach: an advanced Content Disarm and Reconstruction (CDR) open source tool. Its objective is to remove misbehaving dynamic content from your Office files, or anything else that could be a threat to the safety of your computer.
DocBleach allows you to sanitize your Word, Excel, PowerPoint, PDF, ... documents. This repository contains the DocBleach Web API, packaged as a Docker service. Two clicks and you'll feel safer.
Let's assume your job involves working with files from external sources, for instance reading resumes from unknown applicants. You receive, for example, a .doc file; your anti-virus doesn't detect it as harmful, and you decide to open it anyway. You get infected. You can use DocBleach to sanitize this document: chances are you won't get infected, because the dynamic content isn't run.
Howto's
To build DocBleach, use Maven:
$ mvn clean package
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10.696 s
[INFO] Finished at: 2016-12-19T17:36:10+01:00
[INFO] Final Memory: 29M/234M
[INFO] ------------------------------------------------------------------------
The final jar is stored in
To use DocBleach, you may either use the Web Interface or run it in CLI:
java -jar docbleach.jar -in unsafe_document.doc -out safe_doc.doc
The output file may be a relative/absolute path, or a dash (-).
If a dash is given, the input will be taken from stdin and the output will be sent to stdout.
DocBleach's diagnostic information (removed threats, errors, ...) is sent to stderr, so it never mixes with the sanitized document on stdout.
Download Link:
DocBleach - Online (hosted at OVH): sanitizes a potentially dangerous file (Office document, PDF) by removing macros and other active content.
Friendly reminder: do NOT post sensitive documents there, unless you trust the page owner.
Online Link: https://www.docbleach.ovh/
Sunday, September 15, 2019
Bro (Zeek) - Threat Hunting Tool: a powerful framework for network traffic analysis and security monitoring. Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting.
Note that "Zeek" is the new name of what used to be known as the "Bro" network security monitoring system.
Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Adaptable and Flexible
Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection
Zeek targets high-performance networks and is used operationally at a variety of large sites.
Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.
Sunday, September 1, 2019
Compromise Assessment / Triage Analysis Tools:
Two of the best tools for triage analysis once a system is suspected of compromise.
Redline - FireEye
CrowdResponse - CrowdStrike
Redline, FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.
- Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
- Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
- Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
- Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.
- Supported Operating Systems: Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit), Windows 10
- File Size: 76 MB
- Integrity Hashes:
- MD5: 2edb1d0e023f286ea5015cdf1382d642
- SHA-1: e38fe8cc81dc5491d38b61db0fff165cdd3ed35d
CrowdResponse: a static host data collection tool.
There is no installer for this tool. Simply unzip the contents of the downloaded ZIP file into a location of your choosing and launch it directly from there. Uninstalling works the same way: simply delete the file(s) you extracted by moving them to the Recycle Bin or permanently deleting them. It is possible that a very small number of elements remain in the Registry.
These can be safely ignored, or manually deleted using a registry editing tool (e.g. regedit): navigate to HKEY_CURRENT_USER\Software\CrowdStrike, note the name of the tool there and remove that branch.
- Integrity Hashes:
- MD5: c94edf14e5e1b205813b949b7904b95e
- SHA-1: bf48a7c0e32fd8f67b11eebb69f836a60de2f9e1
- SHA-256: 3b5f07d83af34f16f79f8cc1f77d6a0827d7dee57a4be8f667767ce325ac5d00
Download Link: