Network threat detection tools

Tools

CHIRON ELK (network analytics and threat detection)

network analysis, network security monitoring, network traffic analysis, threat discovery

CHIRON is a tool to provide network analytics based on the ELK stack. It is combined with Machine Learning threat detection using the Aktaion framework. Typical usage of the tool is home use and get the visibility of home internet devices. By leveraging the Aktaion framework, it helps with detection threats like ransomware, phishing, or other malicious traffic.

MISP (Malware Information Sharing Platform)

fraud detection, information gathering, threat hunting

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.