Creating a SOC with OSS
This Repo is a collection of scripts to install some of the most critical OSS available for Security Operation Centers. Links have also been provided to the tools. I have found through my experience that one of the largest barriers to the implementation of some of these fantastic tools is the challenges that are presented when attempting to install and configure them.

If you think about your SOC ecosystem you need a number of tools to assist with your operations.

Knowledge Management/TIP:

• MISP
• YETI

Detecting Threats:

• Network Based

  • SELKS
  • Security Onion
  • RockNSM
  • Xplico

• Host Applications

  • ClamAV
  • Syslog (Linux / Mac)
  • NXLog (Windows)
  • WinLogBeat (Windows)

Centralized Alert Storage:

• Kibana or SELKS
• OSSIM

Intelligence Report Acquisition:

• MISP - has a built in TAXII Server
• STAXX
• YETI

IOC Enrichment:

• Maltego - I know it's not free; but it's super cheap

Forensics:

• GRR - Allows the ability to acquire live images from remote hosts
• SANS SIFT - Live forensic CD for image acquisition an analysis
  • dd - Forensic image acquisition (linux only and included in SIFT)
• Sleuthkit - Lots of great tools although I use most for timeline analysis
• Redline - Analyzing Forensic images. Simple interface; easy for junior members to use
• Volatility - Awesome for analyzing memory

Threat Hunting

• HELK - Needs a fairly beefy system for testing

Malware Analysis:

• Static
  • REMNux
• Dynamic
  • Cuckoo Sandbox
  • LaikABoss

Malware Repository:

• CRITs

Security Orchestration:

• WalkOFF

Vulnerability Management:

• OpenVAS

Rule Validation - MITRE ATT&CK Framework (Red team activities)

• Metta
• Atomic Red Team
• RedHunt

Software Inventory:

• OCS Inventory-NG

Interesting Projects:

• RITA - Real Intelligence Threat Analytics

Please email me with recommendations on free OSS that I've missed which you feel should be on the list. securesynapse@gmail.com