2 repositories
Logical operators used to evaluate system call data for security alerting.
Distinct from Boolean Data Filtering: focuses on security-specific event evaluation rather than general data isolation.
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Implements boolean operators and comparison expressions to evaluate system call data for triggering security alerts.
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
Evaluates incoming security events against field values and operators to trigger automated actions.