LFX Insights

SIEM & XDR Tools

Platforms that provide Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities for real-time security monitoring, threat detection, and incident response across endpoints and cloud workloads.

18 projects | 16,976 contributors | $341M

Wazuh

Wazuh is an open source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. It performs threat detection, integrity monitoring, incident response and regulatory compliance through integrated capabilities for log analysis, file integrity monitoring, vulnerability detection, and security configuration assessment.

Contributors: 4,231 | Organizations: 378 | Software value: $101M

Graylog

Graylog is a centralized log management and analysis platform that collects, stores, and enables real-time analysis of machine data and logs from various sources. It provides powerful search capabilities, dashboards, alerts, and data visualization tools to help organizations monitor and troubleshoot their IT infrastructure.

Contributors: 3,516 | Organizations: 690 | Software value: $33M

Security Onion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes its own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also bundles other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Contributors: 2,409 | Organizations: 63 | Software value: $13M

OSSEC

OSSEC is an open source Host-based Intrusion Detection System (HIDS) that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It provides comprehensive security monitoring and threat detection for servers and systems.

Contributors: 1,311 | Organizations: 197 | Software value: $6.7M

Splunk Security Content

A collection of security detections, analytics, tools, and content for Splunk Enterprise Security and Splunk SIEM deployments. It provides pre-built security use cases, correlation searches, reports, and dashboards to help organizations detect and respond to security threats.

Contributors: 957 | Organizations: 17 | Software value: $17M

FingerprintJS

FingerprintJS is a browser fingerprinting library that helps identify and track website visitors through their browser and device characteristics, providing fraud prevention and user identification capabilities without requiring cookies or storage access.

Contributors: 926 | Organizations: 195 | Software value: $228K

Arkime

Arkime is an open source, large-scale, full packet capturing, indexing, and database system.

Contributors: 788 | Organizations: 89 | Software value: $6.9M

Suricata

Suricata is an open source network threat detection engine providing real-time intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. It inspects network traffic using a powerful and extensive rules and signature language, and supports Lua scripting for detecting complex threats.

Contributors: 783 | Organizations: 113 | Software value: $17M

Velociraptor

Velociraptor is an advanced digital forensics and incident response tool that enables live remote acquisition and monitoring of endpoints at scale. It provides a query language called VQL (Velociraptor Query Language) for collecting artifacts and investigating systems, with capabilities for real-time triage, threat hunting, and continuous monitoring.

Contributors: 704 | Organizations: 51 | Software value: $13M

StackRox

StackRox is a Kubernetes-native security platform that helps organizations secure their container and Kubernetes environments through vulnerability management, compliance, network segmentation, configuration management, and threat detection capabilities.

Contributors: 469 | Organizations: 75 | Software value: $97M

ThreatMapper

ThreatMapper is an open-source cloud native security observability platform that scans, maps, and ranks vulnerabilities in running containers, images, hosts and repositories. It provides runtime analysis, threat detection, and attack path visualization across cloud native production platforms.

Contributors: 226 | Organizations: 35 | Software value: $15M

Malcolm

Malcolm is a network traffic analysis tool suite designed to analyze and process packet capture (PCAP) files using multiple open source tools. It provides a web interface for log and PCAP analysis, leveraging Docker containers for deployment and integrating various security monitoring capabilities.

Contributors: 204 | Organizations: 19 | Software value: $8M

AIL Framework

AIL Framework (Analysis Information Leak) is an open source platform for collecting, analyzing and correlating information leaks and suspicious content found on various sources including darknet, clearnet and pastes. It provides automated collection, processing and visualization of potentially sensitive data.

Contributors: 191 | Organizations: 23 | Software value: $2.7M

Tenzir

Tenzir is a high-performance data processing engine that enables real-time analysis and transformation of large-scale network and security data. It provides a unified platform for collecting, enriching, and analyzing diverse data sources with a focus on network security and observability.

Contributors: 134 | Organizations: 35 | Software value: $8.6M

AIL framework

AIL (Analysis Information Leak) framework is an open source platform for analyzing potential information leaks from unstructured data sources. It provides modular tools for collecting, processing and correlating data from various sources like pastes, forums, and social media to detect sensitive information exposure.

Contributors: 127 | Organizations: 15 | Software value: $2.7M

Microsoft Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

This project hasn't been onboarded to LFX Insights.