558 Open source projects that are alternatives of or similar to blue-teaming-with-kql

Microsoft Sentinel SOC Operations

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Splunk code (SPL) useful for serious threat hunters.

SIEM Tactics, Techiques, and Procedures

Open-source framework to detect outliers in Elasticsearch events

Pushes Sysmon Configs

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Threat Detection & Anomaly Detection rules for popular open-source components

🔧 Automatically deploy customizable Active Directory labs in Azure

Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.

Kirby 3 + Vue.js kit

KQL queries for Advanced Hunting

Python bindings for Yeti's API

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

A game designed to teach and learn serverless durable functions in C#

R interface to Kusto/Azure Data Explorer. Submit issues and PRs at https://github.com/Azure/AzureKusto

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Azure Monitor for Containers

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

CLI for Enterprise Application Access (EAA)

A sample gallery of scripts to manage all things Microsoft 365.

Compendium of Serverless samples with Azure Cosmos DB

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

SIEM Logstash parsing for more than hundred technologies

Repository for threat hunting and detection queries, tools, etc.

enpoint detection / live analysis & sandbox host / signatures quality test

A super tiny agent (binary 5MB, container 12MB) that pushs app logs to Azure Log Analytics (OMS)

Demo for Elastic's Auditbeat and SIEM

Searches online paste sites for certain search terms which can indicate a possible data breach.

My personal experience in Threat Hunting and knowledge gained so far.

Threat hunting Web Windows AD linux ATT&CK TTPs

This case study shows how to create a model for text analysis and classification and deploy it as a web service in Azure cloud in order to automatically classify support tickets. This project is a proof of concept made by Microsoft (Commercial Software Engineering team) in collaboration with Endava http://endava.com/en

Microsoft Azure Kusto Library for Java

Leverage Sophos Central API

The Ultimate OSINT and Threat Hunting Framework

A remote control for your CI/CD pipelines and more

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Threat research and reporting from IronNet's Threat Research Teams

An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

Self-hosted Azure DevOps Agent on Azure Kubernetes

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Incident Response - Fast suspicious file finder

VM-Series ARM Templates for Microsoft Azure

Random hunting ordiented yara rules

Kong API Manager with Prometheus And Graylog

NodeJS SDK for the Kusto service

incident response scripts

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

How to detect device status with Azure Durable Entities

Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Very basic CLI SIEM (Security Information and Event Management system).

Kafka sink for Kusto

recon-ng modules for Censys

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Open Source data and event driven real time Monitoring and Analytics Platform