Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+562.75%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+178.43%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (+14.71%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+53.92%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+68.63%)
Attackdatamap: A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+158.82%)
detection-rules: Threat detection and anomaly detection rules for popular open-source components
Stars: ✭ 34 (-66.67%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (+93.14%)
pf-azure-sentinel: Parse pfSense/OPNSense logs using Logstash, GeoIP-tag entities, add additional context to the logs, then send them to Azure Sentinel for analysis.
Stars: ✭ 24 (-76.47%)
vuekit: Kirby 3 + Vue.js kit
Stars: ✭ 16 (-84.31%)
KQL: KQL queries for Advanced Hunting
Stars: ✭ 110 (+7.84%)
pyeti: Python bindings for Yeti's API
Stars: ✭ 15 (-85.29%)
S2AN: Mapper of Sigma/Suricata rules/signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-31.37%)
DurableDungeon: A game designed to teach and learn serverless durable functions in C#
Stars: ✭ 55 (-46.08%)
AzureKusto: R interface to Kusto/Azure Data Explorer. Submit issues and PRs at https://github.com/Azure/AzureKusto
Stars: ✭ 18 (-82.35%)
GDPatrol: A Lambda-powered security orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-50.98%)
OSINT-Brazuca: Repository created to gather OSINT information, sources (websites/portals) and tricks in the Brazilian context.
Stars: ✭ 508 (+398.04%)
kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (+61.76%)
cli-eaa: CLI for Enterprise Application Access (EAA)
Stars: ✭ 19 (-81.37%)
script-samples: A sample gallery of scripts to manage all things Microsoft 365.
Stars: ✭ 56 (-45.1%)
serverless-recipes: Compendium of serverless samples with Azure Cosmos DB
Stars: ✭ 30 (-70.59%)
YAFRA: A semi-automated framework for analyzing and representing reports about IT security incidents.
Stars: ✭ 22 (-78.43%)
irma: Endpoint detection / live analysis & sandbox host / signature quality testing
Stars: ✭ 25 (-75.49%)
log2oms: A super tiny agent (binary 5MB, container 12MB) that pushes app logs to Azure Log Analytics (OMS)
Stars: ✭ 17 (-83.33%)
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (-76.47%)
support-tickets-classification: This case study shows how to create a model for text analysis and classification and deploy it as a web service in the Azure cloud in order to automatically classify support tickets. The project is a proof of concept made by Microsoft (Commercial Software Engineering team) in collaboration with Endava, http://endava.com/en
Stars: ✭ 142 (+39.22%)
Scrummage: The Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (+248.04%)
AnyStatus: A remote control for your CI/CD pipelines and more
Stars: ✭ 38 (-62.75%)
hassh-utils: Nmap NSE script and Docker image for HASSH, the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-59.8%)
IronNetTR: Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-64.71%)
siembol: An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
Stars: ✭ 153 (+50%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and the Cymon API
Stars: ✭ 64 (-37.25%)
fastfinder: Incident response, fast suspicious file finder
Stars: ✭ 116 (+13.73%)
azure: VM-Series ARM templates for Microsoft Azure
Stars: ✭ 87 (-14.71%)
YaraHunts: Random hunting-oriented YARA rules
Stars: ✭ 86 (-15.69%)
Kong-API-Manager: Kong API Manager with Prometheus and Graylog
Stars: ✭ 78 (-23.53%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-83.33%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors process/thread/memory/image-load/TCPIP events via ETW, with detection of remote thread injection and in-memory payload detection based on VirtualMemAlloc events, etc.
Stars: ✭ 32 (-68.63%)
PowerGRR: An API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting.
Stars: ✭ 52 (-49.02%)
opal: Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
Stars: ✭ 459 (+350%)
Logmira: Logmira by Blumira, created by Amanda Berlin, is a downloadable set of Microsoft Windows domain Group Policy Object settings.
Stars: ✭ 46 (-54.9%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (+119.61%)
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-76.47%)
ansible-splunk-playbook: Install a full Splunk Enterprise cluster or a Universal Forwarder using an Ansible playbook
Stars: ✭ 34 (-66.67%)
skalogs-bundle: Open source data- and event-driven real-time monitoring and analytics platform
Stars: ✭ 16 (-84.31%)