152 results for “topic:security-monitoring”
A curated knowledge base to build, run and mature a SOC (including CSIRT).
A Suricata-based NDR distribution
Threat-hunting tool for Linux
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management and Attack Surface Monitoring. It supports hundreds of services and evaluations to harden your CSP and SaaS environments, with controls mapped to over 20 industry, regulatory, and best-practice control frameworks.
Transform Linux Audit logs for SIEM usage
Monitor macOS for malicious activity
Open-source framework to detect outliers in Elasticsearch events
LDAP Watchdog: A real-time, Linux-compatible LDAP monitoring tool for detecting directory changes, providing visibility into additions, modifications, and deletions for administrators and security researchers.
A security monitoring solution for Kubernetes
Cyber Defence Monitoring Course Suite :: Suricata, Arkime (and others in the past)
Defensomania is a security monitoring and incident response card game.
Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s
A Passive DNS backend and collector
This TA takes Suricata 5 data from your port-mirrored Suricata server and makes it readable within Splunk. See Cheatsheets for how to set up a Suricata port-mirrored server.
O24Sec (Object-Oriented Clustering for Security Monitoring)
This repository creates a docker image for NGINX Instance Manager to run it on Kubernetes, Openshift and docker-compose. Optional integration with Second Sight.
Canary – real-time phishing detection via Certificate Transparency. Monitors CT logs and uses the Aho–Corasick algorithm for ultra-fast multi-keyword matching to flag suspicious certificate issuances within seconds.
PythonSOCModules: Elevate your Security Operations Center (SOC) with Python's Paramiko, Requests, PyShark, Scapy, Matplotlib, and Seaborn modules. Strengthen security monitoring, incident detection, and response.
Serverless Log Search Architecture for Security Monitoring based on Amazon Athena
Introduction to Security Monitoring
Recipes used by stamusctl to create Clear NDR instances.
Using Nix (DevOps) to deploy a Network Security Monitoring system on Debian
A smart local proxy that fixes the “No Internet, Secured” error in Windows by safely emulating msftconnecttest.com and restoring real connectivity detection.
A comprehensive integration solution connecting MISP threat intelligence with Wazuh security monitoring for real-time threat detection. This project provides step-by-step instructions for deploying, configuring, and integrating MISP and Wazuh with Sysmon to automatically detect indicators of compromise (IoCs) in your environment.
A PowerShell client for retrieving and searching Sysmon logs
A collection of custom-built dashboards for threat hunting.
Some of my security-related coding projects for OpenBSD: A kernel-based user-profile intrusion detection system (FUPIDS) and an ICMP-based "port-knocking" service (openportd).
Firehose ElasticSearch Kibana Stack for Security Monitoring
Sentinel-C is a modular security testing framework for safe stress testing, network analysis, and resilience evaluation. Designed for learners and professionals, it emphasizes transparency, safety controls, and real-world performance insights.
🥜 Comprehensive Security Intelligence and Reporting Tool for Wazuh SIEM. Generates detailed HTML security reports with MITRE ATT&CK mapping, vulnerability detection, agent health monitoring, and automated email notifications. Production-ready with professional architecture.