Pinned Repositories
BeaKer
Beacon Kibana Executable Report. Aggregates Sysmon network events with Elasticsearch and Kibana
docker-zeek
Run Zeek with zeekctl in Docker
espy
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
passer
Passive service locator, a Python sniffer that identifies servers, clients, names and much more
pcap-stats
Learn about a network from a pcap file or reading from an interface
rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
smudge
Passive OS detection based on SYN packets without transmitting any data
threat-hunting-labs
Collection of walkthroughs on various threat hunting techniques
threat-tools
Tools for simulating threats
zeek-log-transport
This script ships logs from Zeek to AC-Hunter
Active Countermeasures' Repositories
activecm/rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
activecm/BeaKer
Beacon Kibana Executable Report. Aggregates Sysmon network events with Elasticsearch and Kibana
activecm/passer
Passive service locator, a Python sniffer that identifies servers, clients, names and much more
activecm/threat-tools
Tools for simulating threats
activecm/threat-hunting-labs
Collection of walkthroughs on various threat hunting techniques
activecm/espy
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
activecm/docker-zeek
Run Zeek with zeekctl in Docker
activecm/smudge
Passive OS detection based on SYN packets without transmitting any data
activecm/pcap-stats
Learn about a network from a pcap file or reading from an interface
activecm/zcutter
Extracts fields from Zeek logs, compatible with zeek-cut
activecm/sniffer-template
Template for building a packet sniffer
activecm/zeek-open-connections
activecm/rita-bl
Real Intelligence Threat Analytics -- Blacklist Database
activecm/zeekcfg
A node.cfg generator for zeekctl
activecm/certificate-issues
Identifies certificate problems from Zeek ssl log files
activecm/shell-lib
Shell scripts used across ActiveCM projects
activecm/zeek-log-transport
This script ships logs from Zeek to AC-Hunter
activecm/mgosec
A small helper library for securing MongoDB connections with Golang
activecm/safelist-tools
Tools for working with the safelist (formerly whitelist)
activecm/pcap-resources
Support files and tools for pcap analysis and packet capture
activecm/zeek-log-clean
Delete Zeek log files until disk usage is under a given threshold
activecm/bad-asn-list
An open source list of ASNs known to belong to cloud, managed hosting, and colo facilities.
activecm/save_json_stream
JSON TCP stream importer for RITA and AC-Hunter
activecm/tcp-sig-json
JSON file that holds TCP signatures for passive OS fingerprinting
activecm/ACH-Zeek
Zeek installer packaged with AC-Hunter
activecm/active-dns-lookup
Look up hostnames via DNS
activecm/db-lib
Python database access library
activecm/get-release
GitHub Action to get release information based on a tag
activecm/packages
The default package source of the Zeek Package Manager
activecm/zeek-agent-v2
Open source endpoint agent providing host information to Zeek. [v2]