☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
Updated Aug 1, 2025 - Go
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).
A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.
Advanced threat detection solution for Linux.
A blazing fast, highly customizable, modern-day defence tool using (in memory) SQL & REST/gRPC protocols.
A distributed honeypot for monitoring large scale web attacks
An SSH honeypot written entirely in Go.
A Go-based IP security protection package providing real-time threat detection, dynamic risk scoring, device fingerprinting, and multi-layered security mechanisms.
Trend Vision One File Security Go SDK
Detection engine at scale using Apache Beam, Apache Flink, Kubernetes