
bfuzzy / Auditd Attack

Licence: MIT
A Linux Auditd rule set mapped to MITRE's Attack Framework

Projects that are alternatives of or similar to Auditd Attack

Attackdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-58.88%)
Mutual labels:  threat-hunting, mitre-attack
Threathunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+14.95%)
Mutual labels:  threat-hunting, mitre-attack
Sentinel Attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+5.3%)
Mutual labels:  threat-hunting, mitre-attack
Sysmon Modular
A repository of sysmon configuration modules
Stars: ✭ 1,229 (+91.43%)
Mutual labels:  threat-hunting, mitre-attack
Pcap Attack
PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-72.74%)
Mutual labels:  threat-hunting, mitre-attack
S2AN
S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-89.1%)
Mutual labels:  threat-hunting, mitre-attack
Bluespawn
An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+14.8%)
Mutual labels:  threat-hunting, mitre-attack
Evtx Attack Samples
Windows Events Attack Samples
Stars: ✭ 1,243 (+93.61%)
Mutual labels:  threat-hunting, mitre-attack
Macos Attack Dataset
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Stars: ✭ 116 (-81.93%)
Mutual labels:  threat-hunting, mitre-attack
SIGMA-detection-rules
Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques
Stars: ✭ 97 (-84.89%)
Mutual labels:  threat-hunting, mitre-attack
rhq
Recon Hunt Queries
Stars: ✭ 66 (-89.72%)
Mutual labels:  threat-hunting, mitre-attack
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-43.46%)
Mutual labels:  threat-hunting
Detectionlabelk
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (-57.48%)
Mutual labels:  threat-hunting
Sysmon Config
Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+411.99%)
Mutual labels:  threat-hunting
Atomic Red Team
Small and highly portable detection tests based on MITRE's ATT&CK.
Stars: ✭ 5,364 (+735.51%)
Mutual labels:  mitre-attack
Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (-49.53%)
Mutual labels:  threat-hunting
Helk
The Hunting ELK
Stars: ✭ 3,097 (+382.4%)
Mutual labels:  threat-hunting
Dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+386.6%)
Mutual labels:  threat-hunting
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-59.97%)
Mutual labels:  threat-hunting
Klara
Kaspersky's GReAT KLara
Stars: ✭ 565 (-11.99%)
Mutual labels:  threat-hunting

auditd-attack

A Linux Auditd rule set mapped to MITRE's Attack Framework

Disclaimer

Please ensure you test these rules prior to pushing them into production. This rule set is NOT meant to have all of its rules enabled at once (although that would be ideal); it is set up to serve as guidance toward increasing detection/hunting coverage.

WIKI

Special Thanks To:

Eric Gershman

iase.disa.mil

cyb3rops

ugurengin

checkraze

auditdBroFramework

@MITREattack

TODO

  • [ ] Increase MITRE ATT&CK coverage
  • [ ] Test rules across multiple flavors of Linux
  • [ ] Determine performance impacts of the ruleset