Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
The Subukan Sensor is a complete Network Intrusion Detection System (NIDS) platform. It is not simply an application one can install on an existing operating system. Rather, Subukan is a total software solution including both an operating system and a unique compilation of security tools. It is based on a single file image or firmware that transforms almost any hardware equipment into a fully functional NIDS appliance. Appliance- based technology simplifies administration and provides the capability for remote upgrades.
FreeBSDShield is a DShield.org reporting client for FreeBSD and the ipfw firewall. It allows you to report attempted security breaches to the DShield cooperative firewall logging effort, which in turn helps the Internet Storm Center (and netizens at large) track trends in network security and catch emerging vulnerabilities.
Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses into the ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after specified amount of time. Bruteblock uses regular expressions to parse logs, which gives it enough flexibility to be used with almost any network service. Bruteblock doesn't use any external programs and works with ipfw2 tables via the raw sockets API.
pflogx is a simple tool that exports OpenBSD packet filter logs to XML files. It reads a binary log file generated by the pf logging daemon (pflogd) and generates a human-readable and exploitable XML file. Using an XSLT processor you can convert this XML file to any other format, such as HTML, CSV, or SQL.