Attack Detection
The main features of ptresearch/attackdetection are: Forensics and Incident Response, Blue Team Tools.
Open-source alternatives to ptresearch/attackdetection include:
- jpcertcc/logontracer — LogonTracer is a security auditing tool designed for logon analysis and forensic log auditing. It functions as a…
- rajiv2790/falconeye
- ccob/beaconeye — BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running a beacon,…
- damonmohammadbagher/etwprocessmon2
- psgumshoe/psgumshoe
- velocidex/velociraptor — Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and…
LogonTracer is a security auditing tool designed for logon analysis and forensic log auditing. It functions as a dockerized security auditor that utilizes a security event graph database to map account names and network addresses, allowing for the visualization of complex system compromise patterns and authentication paths. The system features a Sigma detection engine that scans imported event logs against standardized rule sets to identify known malicious activity. It also includes an anomalous behavior detector that applies statistical analysis, graph algorithms, and hidden Markov models to
BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running a beacon, BeaconEye will monitor each process for C2 activity.