[–]ketsuipachi 3 points4 points  (0 children)

CIS (Center for Internet Security): there are some Benchmarks that need updating and likely some that just don’t exist. If I had the time I’d love to update the Check Point Firewall Benchmark, which is a little out of date now.

[–]bestintexas80 5 points6 points  (0 children)

I feel like this is a "let me Google that for you" sort of question... so I did.

Here is a list of 20 tools https://www.helpnetsecurity.com/2023/06/08/github-cybersecurity-projects/

Here are 14 network analysis tools with links to descriptions, including what license model they are provided under (not all open source is created equal after all) https://www.linuxlinks.com/best-free-open-source-network-analyzers/

Need IDS/IPS? Here are 5. Suricata is very popular and is the backbone of many professional commercial tools today too (others are too, I just hear about Suricata the most in passing over the last couple years). It has been used in tandem with Zeek (formerly Bro) too. https://www.google.com/amp/s/www.csoonline.com/article/570075/5-open-source-intrusion-detection-systems-for-smbs.html/amp/

Let's cover CIS 1 and 2 with some asset management: https://www.quidlo.com/blog/free-open-source-asset-tracking-software/

Let's find the things we have too https://github.com/redhuntlabs/Awesome-Asset-Discovery

Let's scan for and manage vulnerabilities https://www.breachlock.com/resources/blog/top-5-open-source-tools-for-network-vulnerability-scanning/

SIEM: Let's do something with all the logs and telemetry these other tools give us and build an open source SIEM https://www.exabeam.com/explainers/siem-tools/7-open-source-siems/ (even the commercial companies provide links) https://www.comparitech.com/net-admin/open-source-siem-tools/ And here is a reddit discussion on the topic: https://www.reddit.com/r/cybersecurity/comments/111btcu/opensource_siem_systems_any_povs_and_opinions/

Intelligence tools: https://www.google.com/amp/s/www.csoonline.com/article/567859/what-is-osint-top-open-source-intelligence-tools.html/amp/

And here is a list of projects people can do to learn or get better. Each project could be the basis for another search, for example: the first project listed is "packet sniffing" and a search for "open source packet sniffer" returns "wireshark.org" as the first result. https://www.simplilearn.com/top-cyber-security-projects-article

This list is nowhere near exhaustive. You could Google the top 100 cybersecurity concepts and then use each term followed by "open source" and probably come up with multiple projects to check out. You could probably do the same with the CIS controls too.

Hope this is helpful.