Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization
ISC dhcpd leases usage analysis
This is dhcpd-pools ISC dhcp shared network and pool range usage analysis. Purpose of command is to count usage ratio of each IP range and shared network pool which ISC dhcpd is in control of. Users of the command are most likely ISPs and other organizations that have large IP space. Program is written C. Design goal is to get analysis done quickly where there is lots of data. On cheap laptop the speed of analysis is roughly 100k leases per second. Number of ranges, or shared networks, does not make any significant difference in getting analysis done.
Free-SA is report generating tool for web, proxy and mail log files
Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration.
py-rrdtool is a Python module provides an interface to RRDTool, the well known graphing/logging tool.
Snare Enterprise: http://bit.ly/premium_snare
ATTENTION: Snare Lite is unsupported legacy software. While it will remain a part of the SourceForge community, it is no longer secure and compliant. For up to date Snare software check out Snare Enterprise. https://www.intersectalliance.com/why-snare-enterprise/ Snare Enterprise was created to keep up with the fast paced security software market. It started with the desire to create premium logging and SIEM tools that were agnostic by nature so they could be used to boost any SIEM architecture regardless of third party developers. In fact, the agnostic nature allows it to bridge gaps between multiple SIEM implementations across business units. For more on use cases, check out the Intersect Alliance website. https://www.intersectalliance.com/ Snare Enterprise’s premium features include: - Regulatory Compliance - TLS Encryption - Log Simulcasting - TCP – Guaranteed Log Delivery - USB Device Monitoring - And more! For updates follow us on social media!
A multi-platform universal log collector and forwarder
NXLog is a modular, multi-threaded, high-performance log management solution with multi-platform support. In concept it is similar to syslog-ng or rsyslog but is not limited to unix/syslog only. It can collect logs from files in various formats, receive logs from the network remotely over UDP, TCP or TLS/SSL . It supports platform specific sources such as the Windows Eventlog, Linux kernel logs, Android logs, local syslog etc. Writing and reading logs to/from databases is also supported. The collected logs can be stored into files, databases or forwarded to a remote log server using various protocols. The old BSD Syslog and the newer IETF syslog standard is fully supported by NXLog in addition to Snare, XML, JSON, GELF, KVP, CSV and custom formats. A key concept in NXLog is to be able to handle and preserve structured logs. No need to convert everything to syslog and parse these logs again at the other side. It has powerful message filtering, log rewrite and conversion capabilities.
This module converts the log files of your eggdrop to the html format. It also creates a page-calendar with links to that created files.
FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.
repair corrupted pcap and pcapng files
this tool tries to repair your broken pcap and pcapng files by fixing the global header respectively packet blocks and recovering the packets by searching und guessing the packet headers or blocks
Universal IP-traffic collector. Can gather data from Cisco IP Accounting / ipcad, Mikrotik, NSG, Revolution routers.
imsniff is a pcap-based instant messaging sniffer. It captures the IM traffic in the network and is able to log conversations, contact lists, profile information, incoming email notifications, other MSN events, etc. Tested in Linux and Windows.
A full-featured stats plugin for Half-Life 2: Counter-Strike Source. The TerraStats system allows for single website publishing as well as grouped publishing for multiple servers.
The first stage of development is do write a tool to anonymize packet capture files captured with libpcap. After that we will be integrating this with tcpdump to anonymize in real-time and analyze and look for its effect on different IDS's.
IP2Location C library enables the user to find the country, region, city, coordinates, zip code, time zone, ISP, domain name, connection type, area code, weather, MCC, MNC, mobile brand name, elevation and usage type that any IP address or hostname originates from. It has been optimized for speed and memory utilization. Developers can use the API to query all IP2Location™ binary databases for applications written in C or supporting static/dynamic library.
A number of tools to enhance management/coding of NFR (http://www.nfr.net) IDA, and various other admin tools that can be used for both NFR and hand coding other appliance scripts.
Shadow Watcher is a Peer to Peer log sharing tool for the security analyst. Consider it a "community watch" program which allows you to keep your system secure from the threats on the internet and help others do the same.
A tool to visualize interactively huge amounts of eventdata. Uses an innovative hierarchical zoomlens scaling from quarters down to 50 ms.
This project is an attempt to redesign the snort database schema and to provide a new analysis frontend and associated tools.
Ztats is a overall info tool for an Halflife server. (it may expand to other server types in the future). it's intended for wesite admins/game admins who want to include all sorts of server info in their site. main features : - live server monitor
esweep is a scriptable audio measurement program which features various signals and signal processing functions. Its main purpose is the measurement of speakers.
FastStats is a c-based replacement for HalfStats (http://www.halfstats.com/), a Half-Life log parser and reporting tool.
Small utility written in C allowing easy access to Apache mod_log_sql generated logs for the purpose of log analyzers such as webalizer. Takes any or none of parameters virtual host, month, and year to generate Common Log Format dump to STDOUT.
Dragon Search in a tool to aid in investigations and forensic analysis. By supplying a firewall or other type of log file, it will attempt to match files listed in the log to files located on a suspect hard drive.
An extended version of GNU tail, with features targeted primarily (though not exclusively) at bandwidth and latency analysis of Financial Information eXchange (FIX) protocol log files.
JMassLogProcess is an next generation SIEM solution, based on high performance syslog and snmp trap collector(up to 20,000 logs/s),Distributed File System(Hadoop),Complex Event Processing Engine and ZK …….