
basedfir / awesomekql

License: GPL-3.0
Azure Sentinel intrusion detection rules, recent exploits and lolbas :)

Projects that are alternatives of or similar to awesomekql

Dsiem
Security event correlation engine for ELK stack
Stars: ✭ 255 (+1493.75%)
Mutual labels:  siem
SysmonConfigPusher
Pushes Sysmon Configs
Stars: ✭ 59 (+268.75%)
Mutual labels:  siem
detection-rules
Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (+112.5%)
Mutual labels:  siem
Blue-Baron
Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
Stars: ✭ 23 (+43.75%)
Mutual labels:  siem
LogRhythm.Tools
LogRhythm PowerShell Toolkit
Stars: ✭ 37 (+131.25%)
Mutual labels:  siem
OpenSIEM-Logstash-Parsing
SIEM Logstash parsing for more than hundred technologies
Stars: ✭ 140 (+775%)
Mutual labels:  siem
Vast
🔮 Visibility Across Space and Time
Stars: ✭ 227 (+1318.75%)
Mutual labels:  siem
Logmira
Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.
Stars: ✭ 46 (+187.5%)
Mutual labels:  siem
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (+775%)
Mutual labels:  siem
GDPatrol
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (+212.5%)
Mutual labels:  siem
ansible-role-auditbeat
Ansible role to install auditbeat for security monitoring. (Ruleset included)
Stars: ✭ 15 (-6.25%)
Mutual labels:  siem
SWELF
Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (+43.75%)
Mutual labels:  siem
siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
Stars: ✭ 153 (+856.25%)
Mutual labels:  siem
qradar
Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.
Stars: ✭ 53 (+231.25%)
Mutual labels:  siem
skalogs-bundle
Open Source data and event driven real time Monitoring and Analytics Platform
Stars: ✭ 16 (+0%)
Mutual labels:  siem
Sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Stars: ✭ 236 (+1375%)
Mutual labels:  siem
auditbeat-in-action
Demo for Elastic's Auditbeat and SIEM
Stars: ✭ 24 (+50%)
Mutual labels:  siem
Kong-API-Manager
Kong API Manager with Prometheus And Graylog
Stars: ✭ 78 (+387.5%)
Mutual labels:  siem
siemstress
Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (+50%)
Mutual labels:  siem
cli-eaa
CLI for Enterprise Application Access (EAA)
Stars: ✭ 19 (+18.75%)
Mutual labels:  siem


Azure Security Suite - Awesome KQL

Please note these rules are built by me in my own time and are not in any way related to StripeOLT; you can use them as you like under the open source license.

Description

Some Azure Sentinel/DATP KQL queries will be dumped here to help others on their journey.

For inexperienced viewers I will start breaking these queries down to show exactly how they work, as well as publishing new rules to help your SOC cope with the latest security incidents.

As mentioned in my article, you can use the website https://kustoking.com, which is not maintained by me but does have some great resources for learning KQL.

What's this about?

These are KQL dumps for Azure Sentinel analytics rules; they help detect bad behaviour within a network. The folder titled 'lolbas' contains rules covering abuse of built-in system binaries (living-off-the-land binaries), which threat actors increasingly use throughout an attack, from initial access through to exfiltration, because such activity is far less likely to be detected than, say, a generic malware.exe.

In the root folder you will find rules covering recent breaches, exploits and vulnerabilities.

https://basedfir.com
