283 Open source projects that are alternatives of or similar to Attackdatamap

Test Blue Team detections without running any attack.

A repository of sysmon configuration modules

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Windows Events Attack Samples

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Recon Hunt Queries

incident response scripts

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Repository with Sample KQL Query examples for Threat Hunting

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

SIEM Tactics, Techiques, and Procedures

A Linux Auditd rule set mapped to MITRE's Attack Framework

Splunk code (SPL) useful for serious threat hunters.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Extract and aggregate threat intelligence.

A knowledge base of actionable Incident Response techniques

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

An Active Defense and EDR software to empower Blue Teams

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Threat Detection & Anomaly Detection rules for popular open-source components

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Signature base for my scanner tools

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

All-in-one bundle of MISP, TheHive and Cortex

Open Source EDR for Windows

PCAP Samples for Different Post Exploitation Techniques

🔮 Visibility Across Space and Time

Your Everyday Threat Intelligence

Deploy and maintain Symon through the Splunk Deployment Sever

Microsoft Sentinel SOC Operations

Pushes Sysmon Configs

Open-source framework to detect outliers in Elasticsearch events

Misc Threat Hunting Resources

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Incident Response - Fast suspicious file finder

Incident Response Scripts

Azure Sentinel intrusion detection rules, recent exploits and lolbas :)

Kong API Manager with Prometheus And Graylog

Yara rules written by me, for free use.

enpoint detection / live analysis & sandbox host / signatures quality test

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

My personal experience in Threat Hunting and knowledge gained so far.

Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.

Very basic CLI SIEM (Security Information and Event Management system).

Bash script to Check for malicious Cryptomining

A script to assist in processing forensic RAM captures for malware triage

Open Source data and event driven real time Monitoring and Analytics Platform

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

CyCAT.org API back-end server including crawlers

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Threat Hunting queries for various attacks

⚔️MITRE ATT&CK Machinations in R

Repository for threat hunting and detection queries, tools, etc.

Dumps all of the Key/Value pairs from a LevelDB database