
inodee / Threathunting Spl

Splunk code (SPL) useful for serious threat hunters.

Projects that are alternatives of or similar to Threathunting Spl

Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+142.74%)
Mutual labels:  threat-hunting, siem
Ee Outliers
Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+47.01%)
Mutual labels:  threat-hunting, siem
Siem
SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+34.19%)
Mutual labels:  threat-hunting, siem
SysmonConfigPusher
Pushes Sysmon Configs
Stars: ✭ 59 (-49.57%)
Mutual labels:  threat-hunting, siem
blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
Stars: ✭ 102 (-12.82%)
Mutual labels:  threat-hunting, siem
detection-rules
Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (-70.94%)
Mutual labels:  threat-hunting, siem
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (+19.66%)
Mutual labels:  threat-hunting, siem
Attackdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+125.64%)
Mutual labels:  threat-hunting, siem
Sentinel Attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+477.78%)
Mutual labels:  threat-hunting, siem
Teler
Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+966.67%)
Mutual labels:  threat-hunting
Detections
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (-18.8%)
Mutual labels:  threat-hunting
Sysmon Modular
A repository of sysmon configuration modules
Stars: ✭ 1,229 (+950.43%)
Mutual labels:  threat-hunting
Django Rules
Awesome Django authorization, without the database
Stars: ✭ 1,255 (+972.65%)
Mutual labels:  rules
Dovehawk
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (-17.09%)
Mutual labels:  threat-hunting
Evtx Attack Samples
Windows Events Attack Samples
Stars: ✭ 1,243 (+962.39%)
Mutual labels:  threat-hunting
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (-4.27%)
Mutual labels:  threat-hunting
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+935.9%)
Mutual labels:  threat-hunting
Awesome Cybersecurity
Curated list of awesome cybersecurity companies and solutions.
Stars: ✭ 77 (-34.19%)
Mutual labels:  siem
Awesome Threat Detection
A curated list of awesome threat detection and hunting resources
Stars: ✭ 1,804 (+1441.88%)
Mutual labels:  threat-hunting
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-10.26%)
Mutual labels:  threat-hunting

threathunting-spl

This is a repository to store Splunk code (SPL) and prototypes useful for building rules (correlation searches) and queries to find and hunt for malicious activity.

About

Feel free to contribute and share your feedback in case you find it useful. For more Splunk (and Security) related stuff also check the following:
