23 Open source projects that are alternatives of or similar to Microsoft-Defender-for-Endpoint-Queries

WhiteBeam: Transparent endpoint security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

r2yara - Module for Yara using radare2 information

Carbon Black API - Python language bindings

The flexible TypeScript Markdown editor that powers https://octo.app

Microsoft Sentinel SOC Operations

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

安全、可靠、简单、免费的企业级蜜罐

A curated list of awesome threat detection and hunting resources

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

The Hunting ELK

KQL queries for Advanced Hunting

Extensión GIS para impresión 3D de MDE

A markdown editor using codemirror and previewer using @jhuix/showdowns for Vue.js.

Collection of tool you need to have in your Endpoint Detection and Response arsenal

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.

Collection of scripts for use with Carbon Black Cb Response API

PowerShell Module for managing Microsoft Defender Advanced Threat Protection