I always get complaints from my customers that security is expensive.
So this is an attempt to build a Security Operations Center (SOC) on a budget.
I assume that a server and security personnel are available (without people, there's no company...).
| Product | Open Source Tools |
|---|---|
| Firewall | pfSense [1], iptables [2] |
| Antivirus | (ClamAV [3]) |
| Vulnerability scanner | OpenVAS [4] |
| SIEM/HIDS | ELK [5], Wazuh [6] |
| Sandbox | Cuckoo [7] |
| Ticketing | osTicket [8], UVdesk [9] |
| Threat Intel | MISP [10] |
| Incident Response | Velociraptor [11], Cortex/TheHive [12] |
| Acquisition | Kansa [13], LinuxTriage [14] |
| Disk Forensics | Autopsy [15], log2timeline/plaso [16] |
| RAM Forensics | Volatility [17], LiME [18], WinPmem [19] |
| NIDS | Security Onion [20], Zeek [21], Suricata [22] |
| Reversing | radare2 [23], Cutter [24], Ghidra [25], Manalyze [26] |
| Honeypot | T-Pot [27], Cowrie [28], Dionaea [29] |
| Asset Database | Snipe-IT [30] |
ClamAV lacks up-to-date signatures and usually lags behind commercial antivirus products. However, most companies already have an antivirus, and Windows environments come with Windows Defender.
Apart from the antivirus, every tool needed to run a SOC (and to reach halfway decent security) is available as free, open-source software.
[1] https://github.com/pfsense/pfsense
[2] https://git.netfilter.org/iptables/ (or in any Linux distribution)
[3] https://github.com/Cisco-Talos/clamav
[4] https://github.com/greenbone/openvas-scanner
[5] https://github.com/elastic/elasticsearch, https://github.com/elastic/logstash, https://github.com/elastic/kibana
[6] https://github.com/wazuh/wazuh
[7] https://github.com/cuckoosandbox/cuckoo
[8] https://github.com/osTicket/osTicket
[9] https://github.com/uvdesk/community-skeleton
[10] https://github.com/MISP/MISP
[11] https://github.com/Velocidex/velociraptor
[12] https://github.com/TheHive-Project/Cortex, https://github.com/TheHive-Project/TheHive
[13] https://github.com/davehull/Kansa
[14] https://github.com/Recruit-CSIRT/LinuxTriage
[15] https://github.com/sleuthkit/autopsy
[16] https://github.com/log2timeline/plaso
[17] https://github.com/volatilityfoundation/volatility3
[18] https://github.com/504ensicsLabs/LiME
[19] https://github.com/Velocidex/WinPmem
[20] https://github.com/Security-Onion-Solutions/securityonion
[21] https://github.com/zeek/zeek
[22] https://github.com/OISF/suricata
[23] https://github.com/radareorg/radare2
[24] https://github.com/rizinorg/cutter
[25] https://github.com/NationalSecurityAgency/ghidra
[26] https://github.com/JusticeRage/Manalyze
[27] https://github.com/telekom-security/tpotce
[28] https://github.com/cowrie/cowrie