10.13. 防御

10.13.1. 日志检查

10.13.2. 终端监控

  • attack monitor Endpoint detection & Malware analysis software
  • artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
  • yurita Anomaly detection framework @ PayPal
  • crowdsec An open-source, lightweight agent to detect and respond to bad behaviours
  • tracee Linux Runtime Security and Forensics using eBPF

10.13.4. 配置检查

  • Attack Surface Analyzer analyze operating system's security configuration for changes during software installation.
  • gixy Nginx 配置检查工具
  • dockerscan Docker security analysis & hacking tools

10.13.5. 安全检查

10.13.6. IDS

10.13.7. RASP

  • Elkeid Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture
  • openrasp IAST 灰盒扫描工具

10.13.8. SIEM

  • panther Detect threats with log data and improve cloud security posture

10.13.9. 威胁情报

10.13.10. APT

  • APT Groups and Operations
  • APTnotes
  • APT Hunter Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

10.13.12. 进程查看

10.13.14. 病毒在线查杀

10.13.16. 规则 / IoC

10.13.17. 威胁检测

  • ARTIF An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data

10.13.19. Security Tracker

10.13.20. 匹配工具

  • yara The pattern matching swiss knife
  • capa The FLARE team's open-source tool to identify capabilities in executable files.

10.13.21. DoS防护

  • Gatekeeper <https://github.com/AltraMayor/gatekeeper>`_ open-source DDoS protection system

10.13.22. 对手模拟

  • sliver Adversary Simulation Framework

10.13.23. 入侵防护