DetectionLab is a reproducible Windows Active Directory security lab designed for testing detection capabilities. It uses an automation framework based on Vagrant and Packer to provision virtualized networks across multiple hypervisors and cloud platforms, and Ansible for the declarative installation and configuration of domain services and endpoint security tools. A browser-based remote access interface via Apache Guacamole lets you manage lab hosts without standalone remote desktop clients. The environment includes a telemetry pipeline that aggre
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
The main features of brimsec/brim are: Detection and Hunting Tools.
Open-source alternatives to brimsec/brim include:

austin-taylor/flare
blueteamlabs/sentinel-attack
clong/detectionlab — DetectionLab is a reproducible Windows Active Directory security lab designed for testing detection capabilities. It…
corelight/zeek2es — A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON…
cyb3rward0g/helk — HELK is a containerized security information and event management environment and threat hunting platform. It provides…
airbnb/binaryalert — BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.