Tool category
Network Security Monitoring
Web Vulnerability Scanning
Penetration Testing
Knowledge base
Cyber Threat Intelligence Sharing
Cybersecurity Awareness

Automated X-Modes and Effects Analysis – AXMEA

Reliability and safety assessment of modern complex systems that include thousands of electronic components becomes a tedious procedure that almost can’t be implemented manually without tool support. AXMEA tool is intended to support, simplify and make more credible the preceding assessment procedure.

CVE Strainer

Technology is continuously advancing at an increasing pace. With the advent of every new application and platform, new attack vectors become available to malicious parties. Every increase in the attack surface of an organization results in larger overhead for administrators and device owners since they are forced to pay attention to an increasing amount of websites, partner portals, blogposts, RSS feeds, and other sources of valuable information. The need arises for a solution that can collect pertinent data for specific products in order to reduce overhead and to supply interested parties with vulnerability notifications in real time.

ECHO Multi-sector Assessment Tool (E-MAT)

The ECHO Multi-sector Assessment Tool (E-MAT) goes hand-in-hand with the ECHO Multi-sector Assessment Framework (E-MAF).  As the ECHO Multi-sector Assessment Framework (E-MAF) is an analysis of transversal and inter-sectoral challenges and opportunities, and it supports the development of cybersecurity technology roadmaps, the E-MAT is a complex assessment framework that incorporates multiple inputs.  

Malware Analysis and Intelligence Tool (MAIT)

For most cyberattacks, malware is the component that delivers the decisive blow to the victim. Regardless of the increased capabilities of the attackers in delivering the attack or avoiding detection, the malware plays an important role in the success (or failure) of the attack. A first time introduced malware, or a new version of known malware, can achieve its objectives while remaining undetected by the in-place detection mechanisms and cybersecurity measures.

Penetration Testing Tool (PENTEST)

The main scope of the Penetration Testing tool is to provide a fully automated vulnerability scanner that detects and reports vulnerabilities including (web) application vulnerabilities, network protocol vulnerabilities, operating system vulnerabilities and misconfiguration vulnerabilities. This tool not only complements the role of a penetration tester, but also automates tasks that can take hours to test manually, delivering results with the fewest possible false positives.

Secure Information Platform Tool (SISP)

Healthcare organizations struggle with information exchange. They want to exchange between different hospitals in different regions and with hospitals across borders. The need is to transfer patient information, in a flexible manner and in compliance with regulations and legislation. This is becoming more and more important because of the increased mobility across the European Union, causing patients to seek medical advice in different countries and hospitals.


The SNORT module is Network Intrusion Detection System based on Snort environment. However, this tool contains extended functionality of Snort: heuristic approach to intrusion detection based on external data. We developed this prototype because we believe the joint approach to attack detection (in federation or just a group of entities in selected sector) is more effective than an individual approach.

Threat Exposure Calculator (TEC)

For cyber security risk assessment, we mean the process of identifying risks, analysing them and evaluating the impacts on an organization. Without this process, an organization could waste time and money (effort) focusing for example on useless assets. One of the key points that a risk assessment tool should be to optimize investments to reduce the overall risks.

Cyber Management System (CyMS)

A demo video is available only under direct request to the tool owners!

More information:

MonSys Bridge

The MonSys Bridge connects a wide range of security monitoring solutions with the ECHO Early Warning System (E-EWS). The prototype captures selected alerts generated by other monitoring and/ or security information and event management (SIEM) solutions, employed inside an organization, sanitizes the information in the alert, and sends it out in a form of a ticket to the ECHO-Early Warning System. The MonSys Bridge enables collaborative threat intelligence and threat hunting to strengthen the protective and predictive capabilities of the organizations either within a supply/ value chain, within a sector or within a state.

Trust and Quality Metrics (TQM)

The idea behind defining trust and quality metrics for the threat intelligence data that is shared amongst EWS partners is to decrease the level of information overload as well as reduce false positives, which are both common in most cyber threat intelligence sharing platforms. The TQM prototype aims to propose metrics to be used to rate the quality of threat intelligence data shared between partners and, by this, improve the trust in the relevancy of information shared among them. It will also enable an option to assess the trustworthiness of received information and its source based on metrics directly attributed to the trust level.

SIEM/IDS for Spacecraft Operations (SISO)

Sustained operation of the spacecraft is critically dependent on the reliable functioning of the hardware and software components that connect the various subsystems of which the spacecraft operations domain is composed. These components must be well protected against threats present in the cyber domain that could potentially negatively affect, for example, the space segment through command intrusion or payload control, the user segment through spoofing and DoS attacks, or the ground segment through hacking or malware.

IDS Combo

Advanced network Intrusion Detection Systems (IDS) utilise the power of machine learning (ML) and big data technologies. Various machine learning methods and tools have been developed with the purpose to identify anomalous behaviour, detect and classify intrusions. Every method has advantages and disadvantages and its performance may vary widely depending on the type of cyberattack.

CTI Extractor

As technology evolves, cyber-attacks progressively become more sophisticated and innovative. For an organisation or a corporation to repel or mitigate an upcoming attack, cyber threat intelligence (CTI) plays a decisive role through the collection, classification, and exploitation of knowledge about adversaries that gives defenders the upper hand and allows them to learn and evolve with each intrusion they face. Evidently, having access to accurate and comprehensive CTI enhances the preparedness, attack mitigation, and diagnostic capabilities of an organisation.