The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.
The Hive is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner.
NfSen allows you to keep all the convenient advantages of the command line using nfdump directly and gives you also a graphical overview over your netflow data.
Use Elastic to search, monitor, analyze and visualize machine data.
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
Packetbeat is a lightweight network packet analyzer that sends data from your hosts and containers to Logstash or Elasticsearch.
Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.
More tools will be added soon!
In this PDF you'll explore and "play" with a collection of CERT's daily used opensource tools for handling security incidents. (A live image will be provided where tools like TheHive, Cortex, IntelMQ, NFsen, Wazuh and Packetbeat are included)
|Credentials needed to log into the virtual machine:|
Switch on in Virtual Box and follow console indications
Thank's to Rodrigo Zamora Nelson and Sergi Majoral LLimiñana for the work done in his Master's Thesis