S2ANS2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (+32.08%)
connectorsOpenCTI connectors
Stars: ✭ 135 (+154.72%)
threat-intelSignatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+145.28%)
cycat-serviceCyCAT.org API back-end server including crawlers
Stars: ✭ 25 (-52.83%)
Misp MaltegoSet of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
Stars: ✭ 112 (+111.32%)
testmynids.orgA website and framework for testing NIDS detection
Stars: ✭ 55 (+3.77%)
Security OnionSecurity Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+5477.36%)
attckr⚔️MITRE ATT&CK Machinations in R
Stars: ✭ 22 (-58.49%)
ElementalElemental - An ATT&CK Threat Library
Stars: ✭ 241 (+354.72%)
sqhunterA simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (+20.75%)
DPDK SURICATA-4 1 1dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter
Stars: ✭ 81 (+52.83%)
altprobecollector for XDR and security posture service
Stars: ✭ 62 (+16.98%)
examplesNetwork Service Mesh examples repo
Stars: ✭ 14 (-73.58%)
community-id-specAn open standard for hashing network flows into identifiers, a.k.a "Community IDs".
Stars: ✭ 137 (+158.49%)
misp-takedownA curses-style interface for automatic takedown notification based on MISP events.
Stars: ✭ 19 (-64.15%)
TheBriarPatchAn extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS
Stars: ✭ 21 (-60.38%)
SIGMA-detection-rulesSet of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques
Stars: ✭ 97 (+83.02%)
S1EMThis project is a SIEM with SIRP and Threat Intel, all in one.
Stars: ✭ 270 (+409.43%)
rstthreatsAggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.
Stars: ✭ 17 (-67.92%)
ayashigeAyashige provides a list of suspicious newly updated domains as a JSON feed
Stars: ✭ 27 (-49.06%)
ELK-HuntingThreat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (+9.43%)
kubescapeKubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
Stars: ✭ 7,340 (+13749.06%)
TwiTiThis is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)
Stars: ✭ 120 (+126.42%)
IronNetTRThreat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-32.08%)
FireHOL-IP-AggregatorApplication for keeping feeds from FireHOL https://github.com/firehol/blocklist-ipsets with IP addresses appearance history. HTTP-based API service is developed for search requests.
Stars: ✭ 26 (-50.94%)
pyc2bytecodeA Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
Stars: ✭ 70 (+32.08%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+322.64%)
YAFRAYAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-58.49%)
PhishruffusIntelligent threat hunter and phishing servers
Stars: ✭ 44 (-16.98%)
gonidsgonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/
Stars: ✭ 140 (+164.15%)
ansibleAnsible playbook automation for pfelk
Stars: ✭ 23 (-56.6%)
vagrant-idsAn Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk
Stars: ✭ 21 (-60.38%)
MurMurHashThis little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+49.06%)
rdppotRDP honeypot
Stars: ✭ 55 (+3.77%)
SSHapendoesCapture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-41.51%)
pybinaryedgePython 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-69.81%)
malware-persistenceCollection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (+105.66%)
docker-mispA (nearly) production ready Dockered MISP
Stars: ✭ 184 (+247.17%)
intelligence-iconsintelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2.
Stars: ✭ 32 (-39.62%)
brimcapConvert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
Stars: ✭ 22 (-58.49%)
balboaserver for indexing and querying passive DNS observations
Stars: ✭ 42 (-20.75%)
AWS-Mirror-ToolkitA set of tools and procedures for automating NSM and NIDS deployments in AWS
Stars: ✭ 16 (-69.81%)
ScrummageThe Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (+569.81%)
attack to verisThe principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.
Stars: ✭ 56 (+5.66%)
ThePhishThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+1175.47%)
pcapdjpcapdj - dispatch pcap files
Stars: ✭ 41 (-22.64%)
misp-osint-collectionCollection of best practices to add OSINT into MISP and/or MISP communities
Stars: ✭ 54 (+1.89%)
zeek-docsDocumentation for Zeek
Stars: ✭ 41 (-22.64%)