10.13. 防御¶
10.13.1. 日志检查¶
teler Real-time HTTP Intrusion Detection
10.13.2. 终端监控¶
attack monitor Endpoint detection & Malware analysis software
artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
yurita Anomaly detection framework @ PayPal
crowdsec An open-source, lightweight agent to detect and respond to bad behaviours
tracee Linux Runtime Security and Forensics using eBPF
10.13.3. XSS防护¶
10.13.4. 配置检查¶
Attack Surface Analyzer analyze operating system’s security configuration for changes during software installation.
gixy Nginx 配置检查工具
dockerscan Docker security analysis & hacking tools
10.13.5. 安全检查¶
lynis Security auditing tool for Linux, macOS, and UNIX-based systems
10.13.6. IDS¶
ByteDance HIDS Cloud-Native Host-Based Intrusion Detection
10.13.7. RASP¶
10.13.8. SIEM¶
panther Detect threats with log data and improve cloud security posture
10.13.9. 威胁情报¶
10.13.10. APT¶
APT Hunter Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
10.13.11. 入侵检查¶
10.13.12. 进程查看¶
10.13.13. Waf¶
10.13.14. 病毒在线查杀¶
10.13.15. WebShell查杀¶
10.13.16. 规则 / IoC¶
capa rules standard collection of rules for capa
AttackDetection Suricata PT Open Ruleset
DailyIOC IOC from articles, tweets for archives
10.13.17. 威胁检测¶
ARTIF An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data
10.13.18. Security Advisories¶
10.13.19. Security Tracker¶
10.13.20. 匹配工具¶
10.13.21. DoS防护¶
Gatekeeper <https://github.com/AltraMayor/gatekeeper>`_ open-source DDoS protection system
10.13.22. 对手模拟¶
sliver Adversary Simulation Framework