
josh-morin / qradar

Licence: MIT license
Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.

Programming Languages

shell

Projects that are alternatives of or similar to qradar

GDPatrol
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-5.66%)
Mutual labels:  siem, blueteam
Malwless
Test Blue Team detections without running any attack.
Stars: ✭ 215 (+305.66%)
Mutual labels:  siem, blueteam
Sentinel Attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+1175.47%)
Mutual labels:  siem
Mozdef
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
Stars: ✭ 2,164 (+3983.02%)
Mutual labels:  siem
Threathunting Spl
Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (+120.75%)
Mutual labels:  siem
Siem From Scratch
SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab
Stars: ✭ 31 (-41.51%)
Mutual labels:  siem
Ypsilon
Automated Use Case Testing
Stars: ✭ 135 (+154.72%)
Mutual labels:  siem
Event Forwarding Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Stars: ✭ 605 (+1041.51%)
Mutual labels:  siem
Sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Stars: ✭ 236 (+345.28%)
Mutual labels:  siem
Redelk
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Stars: ✭ 1,692 (+3092.45%)
Mutual labels:  siem
Ee Outliers
Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+224.53%)
Mutual labels:  siem
Siac
SIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (+88.68%)
Mutual labels:  siem
Project Sauron
Tools to create a Native Windows Audit Collection Platform. Active Directory example provided
Stars: ✭ 58 (+9.43%)
Mutual labels:  siem
Xcyclopedia
Encyclopedia for Executables
Stars: ✭ 148 (+179.25%)
Mutual labels:  siem
Graylog2 Server
Free and open source log management
Stars: ✭ 5,952 (+11130.19%)
Mutual labels:  siem
Nzyme
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.
Stars: ✭ 507 (+856.6%)
Mutual labels:  siem
Awesome Cybersecurity
Curated list of awesome cybersecurity companies and solutions.
Stars: ✭ 77 (+45.28%)
Mutual labels:  siem
Openuba
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Stars: ✭ 127 (+139.62%)
Mutual labels:  siem
Dsiem
Security event correlation engine for ELK stack
Stars: ✭ 255 (+381.13%)
Mutual labels:  siem
Vast
🔮 Visibility Across Space and Time
Stars: ✭ 227 (+328.3%)
Mutual labels:  siem

Custom Action Scripts

Short Message Service

sms.sh

Send text messages from QRadar "Custom Actions" using the Twilio API from a bash script.

Setup

  1. Create an account at http://www.twilio.com
  2. Retrieve the phone number, ID, and token generated under your dashboard
  3. Enter the phone number, ID, and token into the script
  4. Register the script in QRadar (see QRadar Setup below)

QRadar Setup

  1. Go to the Admin tab and select Define Actions under Custom Actions
  2. Select Add from the top menu options
  3. Provide the following:
    • Name
    • Description
    • Interpreter: Bash
    • Upload SMS Bash/Curl script
    • Parameter Name
    • Fix Property Value
  4. Click Add
  5. Click Save

Custom Configurations

ip_context_menu.xml

To add these entries to the right-click menu, copy this file into /opt/qradar/conf and restart Tomcat.

The following options are included:

  • Nmap
  • Ping
  • Traceroute
  • X-Force Exchange
  • AbuseIPDB
  • AlienVault OTX
  • Censys
  • Cisco Talos
  • DNSlytics
  • DShield
  • Google Safe Browsing
  • GreyNoise
  • IPVoid
  • MxToolBox Blacklist
  • Project Honey Pot
  • Shodan
  • Spamhaus Reputation Checker
  • ThreatMiner
  • VirusTotal

Remote Tasks

Resources

Resources & Content by IBM

Unofficial Resources

Disclaimer

All content is without warranty of any kind. Use at your own risk. I assume no liability for the accuracy, correctness, completeness, usefulness, or any damages.

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
