Open Source Tools for OT Defenders

In my recent podcast “ICS/OT Blue Team” on ICS Arabia 🎙️ with Shaker Hashlan, we dived into a topic critical for OT defenders. As promised, here’s a list of these tools, categorized for ease of use. Let’s explore their capabilities and where you can find them:


Network / Packets / Scanning

  1. Nmap
    A classic tool for network discovery and security auditing. It helps you map out your network, identify open ports, and detect potential vulnerabilities.
    🌐 nmap.org
  2. Wireshark
    The go-to tool for network protocol analysis. Wireshark captures and inspects packets in real-time, offering invaluable insights into network traffic.
    🌐 wireshark.org

Detection

  1. Snort
    Snort is an open-source intrusion detection and prevention system (IDS/IPS) that monitors network traffic in real time, identifying suspicious activity using predefined and custom rules.
    🌐 snort.org
  2. Suricata
    Another robust IDS and network monitoring tool capable of multi-threaded detection for real-time analysis.
    🌐 suricata.io
  3. Zeek (formerly Bro)
    A network security monitor that transforms raw traffic into structured, high-level logs for detailed analysis.
    🌐 zeek.org
  4. Sysmon
    A Windows system service that logs system activity, providing detailed insights into processes, network connections, and file creation events.
    🌐 Sysmon

Asset Inventory

  1. AssetTiger
    A free, cloud-based asset management tool to keep track of your OT devices and their statuses.
    🌐 assettiger.com

Protection

  1. OpenZiti
    A zero-trust networking platform that allows secure connectivity without exposing services to the internet.
    🌐 openziti.io

Incident Response (IR)

  1. Google GRR
    A tool for remote forensic analysis, allowing investigators to gather and analyze data from machines across your network.
    🌐 github.com/google/grr
  2. Velociraptor
    A digital forensics and incident response (DFIR) toolset for analyzing Windows systems.
    🌐 https://docs.velociraptor.app
  3. OSSEC
    A host-based intrusion detection system (HIDS) that monitors log files, file integrity, and more.
    🌐 ossec.net

SOC Operations

  1. Elastic Stack (ELK)
    A complete data analysis and visualization solution perfect for building security operations centers (SOC).
    🌐 elastic.co
  2. Wazuh
    An open-source security platform that provides intrusion detection, log management, and monitoring for compliance.
    🌐 wazuh.com

Threat Intelligence

  1. MISP (Malware Information Sharing Platform)
    MISP is an open-source threat intelligence platform that enables organizations to collect, share, and collaborate on threat data.
    🌐 misp-project.org

Signatures

  1. YARA
    A tool for creating and analyzing rules to identify and classify malware samples.
    🌐 github.com/Yara-Rules/rules

Rule Translation

  1. Sigma
    A generic signature format that translates detection rules into queries for different SIEM platforms.
    🌐 Sigma GitHub

Firewall

  1. pfSense
    A powerful, open-source firewall and router solution with enterprise-level features.
    🌐 pfsense.org


In conclusion, these tools represent just a fraction of the vast ecosystem of open-source solutions available for OT defenders. We are not endorsing or promoting any specific tool, nor have we tested them all exhaustively. This list is based on their known existence and popularity within the cybersecurity community. If you have other tools you’d like to suggest, feel free to share them; we’re always open to expanding the list and raising awareness about valuable resources.
