Intrusion detection tools

Tools

Acra (database encryption proxy)

data encryption, data leak prevention, data security, vulnerability mitigation

Acra is a database encryption proxy that sits between an application and its database and provides encryption and data leakage prevention. It offers selective encryption of sensitive fields, access control, data leak prevention and intrusion detection (decoy "poison records" that raise an alert when anything other than the application reads them). It is aimed at developers and ships client libraries for popular languages such as Go, PHP, Python and Ruby.

DejaVu (open source canary and deception framework)

security monitoring, threat discovery

DejaVu is an open source deception framework for deploying and administering decoys (canaries) across a network. Because no legitimate user or process has a reason to touch a decoy, any interaction with one is a high-confidence signal of reconnaissance or lateral movement, which lets defenders spot an attacker early and respond before real assets are reached.
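The deception principle above, as an added example that is not DejaVu's own code: a detector that scans constructed DNS, firewall and sshd log lines for any reference to a decoy hostname, decoy address or honey credential, and ranks the sources that touched them. The decoy inventory, the log formats and the sample lines are assumptions constructed for this illustration.

```python
"""Decoy-interaction detection over constructed log lines.

Added illustration of the deception principle: decoys have no legitimate
users, so any touch is an alert. Not DejaVu's code; the decoy inventory
and log formats below are assumptions made for the example.
"""
import re
from dataclasses import dataclass

# Constructed decoy inventory (assumed values, not real assets): decoy
# hostnames, the addresses the decoys listen on, and a honey credential
# planted where an attacker would find it.
DECOY_HOSTS = {"fileserver-backup.corp.example", "sql-legacy.corp.example"}
DECOY_IPS = {"10.0.9.50", "10.0.9.51"}
DECOY_USERS = {"svc_backup_old"}


@dataclass(frozen=True)
class Alert:
    source: str  # client address that touched the decoy
    decoy: str   # which decoy was touched
    kind: str    # dns, connect or auth
    line: str    # the log line that triggered the alert


# Three constructed log formats: a DNS resolver log, a firewall
# connection log and an sshd auth log.
DNS_RE = re.compile(r"dns client=(?P<src>[\d.]+) query=(?P<name>\S+)")
CONN_RE = re.compile(r"fw src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=\d+")
AUTH_RE = re.compile(
    r"sshd.*Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)


def detect_decoy_hits(lines):
    """Return one Alert for every log line that references a decoy."""
    alerts = []
    for line in lines:
        if m := DNS_RE.search(line):
            # Resolving a decoy hostname is itself suspicious: nothing
            # legitimate should ever look it up.
            name = m["name"].rstrip(".").lower()
            if name in DECOY_HOSTS:
                alerts.append(Alert(m["src"], name, "dns", line))
        elif m := CONN_RE.search(line):
            # Any connection attempt to a decoy address, allowed or denied.
            if m["dst"] in DECOY_IPS:
                alerts.append(Alert(m["src"], m["dst"], "connect", line))
        elif m := AUTH_RE.search(line):
            # Use of the honey credential means it was harvested somewhere.
            if m["user"] in DECOY_USERS:
                alerts.append(Alert(m["src"], m["user"], "auth", line))
    return alerts


def rank_sources(alerts):
    """Rank source addresses by the number of distinct decoys they touched."""
    touched = {}
    for a in alerts:
        touched.setdefault(a.source, set()).add(a.decoy)
    return sorted(touched.items(), key=lambda kv: (-len(kv[1]), kv[0]))


# Constructed sample log: one host (10.0.3.12) behaving normally, one
# (10.0.3.77) resolving, connecting to and authenticating against decoys,
# and one (10.0.3.90) whose single connection attempt was denied.
SAMPLE_LOG = [
    "dns client=10.0.3.12 query=intranet.corp.example. type=A",
    "dns client=10.0.3.77 query=fileserver-backup.corp.example. type=A",
    "fw src=10.0.3.77 dst=10.0.9.50 dport=445 action=allow",
    "fw src=10.0.3.12 dst=10.0.5.20 dport=443 action=allow",
    "sshd[2211]: Failed password for invalid user svc_backup_old from 10.0.3.77 port 51022 ssh2",
    "sshd[2213]: Failed password for alice from 10.0.3.12 port 51030 ssh2",
    "fw src=10.0.3.90 dst=10.0.9.51 dport=3306 action=deny",
]

if __name__ == "__main__":
    hits = detect_decoy_hits(SAMPLE_LOG)
    for a in hits:
        print(f"ALERT {a.kind:7} src={a.source} decoy={a.decoy}")
    for src, decoys in rank_sources(hits):
        print(f"{src}: touched {len(decoys)} decoy(s)")
```

Note that the denied connection from 10.0.3.90 still produces an alert: with decoys the interesting event is the attempt, not whether it succeeded, so the detector deliberately ignores the firewall verdict.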

GRR Rapid Response (remote live forensics for incident response)

digital forensics, intrusion detection, threat hunting

GRR Rapid Response is an incident response framework for remote live forensics. An agent installed on each endpoint reports to a central server, so analysts can collect and examine artifacts (files, processes, registry keys, memory) from many machines without logging into them one by one, and the model scales to large fleets. One of its main features is hunting: running the same collection across the whole fleet at once and triaging the results to find the hosts that hold a particular file, hash or other indicator.

MalPipe (Malware/IOC ingestion and processing engine)

data enrichment, data processing, intrusion detection, malware analysis, malware detection

MalPipe is a modular framework for collecting and processing malware and indicators of compromise. It pulls information about malware samples, domains, URLs and IP addresses from multiple feeds, enriches the collected data, and exports the results so they can be consumed by other detection tooling.
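The ingest, enrich and export pipeline described above, as an added example that is not MalPipe's code and uses none of its APIs: two constructed feeds with mixed indicator types, comments, defanged values and duplicates are parsed, each indicator is classified (IP, domain, URL, MD5/SHA-1/SHA-256), duplicates across feeds are merged with their sources, URLs yield their host as a derived domain, IPs are flagged if they fall in non-routable space, and the result is exported as JSON. The feed contents, feed names and attribute names are assumptions made for this illustration.

```python
"""Indicator ingest -> normalise -> enrich -> export.

Added illustration of the feed-processing pattern; not MalPipe's code.
The feeds below are constructed inline so the example runs offline.
"""
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed feeds (assumed content): comments, defanged values,
# mixed case and a duplicate domain across feeds.
FEED_A = """# constructed feed A
203.0.113.10
evil-example[.]test
hxxp://evil-example[.]test/payload.bin
44d88612fea8a8f36de82e1278abb02f
"""
FEED_B = """# constructed feed B
EVIL-EXAMPLE.TEST
10.0.0.5
hxxps://login.evil-example[.]test/
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
"""

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def refang(value):
    """Undo common defanging so indicators can be compared and enriched."""
    value = value.strip()
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def classify(value):
    """Return the indicator type of a refanged value, or None if unknown."""
    if len(value) in HASH_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", value):
        return HASH_LENGTHS[len(value)]
    if re.match(r"https?://", value, re.IGNORECASE):
        return "url"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(value):
        return "domain"
    return None


def parse_feed(text, source):
    """Yield (type, normalised value, source) for each usable feed line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        value = refang(line)
        kind = classify(value)
        if kind is None:
            continue  # unparseable line: skip rather than poison the output
        if kind != "url":
            value = value.lower()  # hashes, domains and IPs compare case-insensitively
        yield kind, value, source


def enrich(kind, value):
    """Attributes a downstream consumer would want alongside the raw value."""
    extra = {}
    if kind == "ip":
        # RFC 1918, loopback, documentation ranges and other reserved space
        # are almost always feed noise and should not become block rules.
        extra["bogon"] = not ipaddress.ip_address(value).is_global
    elif kind == "url":
        parts = urlsplit(value)
        extra["host"] = parts.hostname
        extra["path"] = parts.path
    return extra


def process(feeds):
    """Merge feeds into one deduplicated, enriched, sorted indicator list."""
    merged = {}

    def add(kind, value, source):
        rec = merged.setdefault((kind, value), {"type": kind, "value": value, "sources": []})
        if source not in rec["sources"]:
            rec["sources"].append(source)

    for source, text in feeds.items():
        for kind, value, src in parse_feed(text, source):
            add(kind, value, src)
    # Derived indicators: every URL also implies its host.
    for kind, value in list(merged):
        if kind == "url":
            host = urlsplit(value).hostname or ""
            if classify(host) == "domain":
                add("domain", host.lower(), "derived")
    for rec in merged.values():
        rec.update(enrich(rec["type"], rec["value"]))
    return sorted(merged.values(), key=lambda r: (r["type"], r["value"]))


def export_json(records):
    """Export step: stable JSON that another tool can ingest."""
    return json.dumps(records, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(export_json(process({"A": FEED_A, "B": FEED_B})))
```

Keeping the per-indicator source list is what makes the merged output useful later: an indicator seen in several independent feeds deserves more confidence than one seen once, and a derived domain is weaker evidence than a domain a feed listed directly.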

Missing a favorite tool in this list? Share a tool suggestion and we will review it.