IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.
TheHive is a scalable, open-source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner.
NfSen lets you keep all the advantages of the command line by using nfdump directly, and also gives you a graphical overview of your NetFlow data.
Use Elastic to search, monitor, analyze and visualize machine data.
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
Packetbeat is a lightweight network packet analyzer that sends data from your hosts and containers to Logstash or Elasticsearch.
More tools will be added soon!
In this PDF you'll explore and "play" with a collection of open-source tools that CERTs use daily for handling security incidents. (A live image will be provided that includes tools such as TheHive, Cortex, IntelMQ, NfSen, Wazuh and Packetbeat.)
Credentials needed to log into the virtual machine:
After logging in, open Mozilla Firefox and use the local tools through the browser bookmarks!
Thanks to Rodrigo Zamora Nelson for the work done in his Master's Thesis.