734 Open source projects that are alternatives of or similar to Azure-Sentinel-4-SecOps

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Explore Indicators of Compromise Automatically

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

All-in-one bundle of MISP, TheHive and Cortex

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

A Lambda-powered Security Orchestration framework for AWS GuardDuty

#ThreatHunting #DFIR #Malware #Detection Mind Maps

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Repository with Sample KQL Query examples for Threat Hunting

A curated list of awesome threat detection and hunting resources

A toolkit for Security Researchers

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

Tracking APT IOCs

🚌 The missing link to connect open-source threat intelligence tools.

SIEM Tactics, Techiques, and Procedures

Find phishing kits which use your brand/organization's files and image.

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Very basic CLI SIEM (Security Information and Event Management system).

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Incident Response - Fast suspicious file finder

Bringing you the best of the worst files on the Internet.

Personal compilation of APT malware from whitepaper releases, documents and own research

Recon Hunt Queries

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

PatrowlHears - Vulnerability Intelligence Center / Exploits

Splunk code (SPL) useful for serious threat hunters.

Real-time HTTP Intrusion Detection

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Open-source framework to detect outliers in Elasticsearch events

Signature base for my scanner tools

A helper to run OSINT queries & manage results continuously

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Don't Just Search OSINT. Sweep It.

incident response scripts

Cyber Incident Response Team Playbook Battle Cards

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

SIAC is an enterprise SIEM built on open-source technology.

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Sandia Cyber Omni Tracker (SCOT)

Open Source SIEM (Security Information and Event Management system).

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

ThePhish: an automated phishing email analysis tool

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

A schema and set of tools for using SQL to query cloud infrastructure.

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Capture passwords of login attempts on non-existent and disabled accounts.

Utilities for Sysmon

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

🔮 Visibility Across Space and Time

recon-ng modules for Censys