Custom IDS Script
Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
Loads YAML rule files describing detection patterns (failed logins, suspicious commands, new user creation, sudo abuse) and applies them to log lines, producing actionable alerts with timestamps and recommended response actions. Targeted at small Linux servers, kiosks, and lab environments.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Rule Tuning Lab (Security project, demo ready)
Detection tuning lab — measures false-positive rate, precision, and noise grade per detection rule, then suggests tuning improvements based on labeled log samples.
- Exploitation Visibility (Security project, demo ready)
Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
- SOC Simulation Lab (Security project, demo ready)
End-to-end SOC workflow simulator — maps attack scenarios to collected logs, runs detections, and identifies visibility gaps to practice analyst triage and detection engineering.
- SSH Brute-Force Detector (Security project, demo ready)
Linux auth log detector for repeated SSH failed-login attacks — scores brute-force activity per source IP and emits actionable alerts.
- AttackReplay Studio (Security project, demo ready)
Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
