194 Open source projects that are alternatives of or similar to S2AN

Mapping NSM rules to MITRE ATT&CK

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

An Active Defense and EDR software to empower Blue Teams

A Linux Auditd rule set mapped to MITRE's Attack Framework

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

A repository of sysmon configuration modules

This project is a SIEM with SIRP and Threat Intel, all in one.

Resources To Learn And Understand SIGMA Rules

Threat Detection & Anomaly Detection rules for popular open-source components

Windows Events Attack Samples

Recon Hunt Queries

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

PCAP Samples for Different Post Exploitation Techniques

Tracking APT IOCs

Templates for the Microsoft Threat Modeling Tool

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

ATT&CK Evaluations website (DEPRECATED)

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

pcapdj - dispatch pcap files

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

Microsoft Sentinel SOC Operations

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

the fastest way to consume threat intelligence.

MITRE Shield website

Signatures and IoCs from public Volexity blog posts.

Pushes Sysmon Configs

A python module for working with ATT&CK

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Consolidation of various resources related to Microsoft Sysmon & sample data/log

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

A website and framework for testing NIDS detection

Deploy and maintain Symon through the Splunk Deployment Sever

recon-ng modules for Censys

Threat hunting Web Windows AD linux ATT&CK TTPs

This repository contains tools used by 401trg.

The Ultimate OSINT and Threat Hunting Framework

🧊 Інститут Формальної Математики

Ansible playbook automation for pfelk

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

fast, extensible, versatile event router for Suricata's EVE-JSON format

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter

Render igraphs from R using Sigma.js

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

Capture passwords of login attempts on non-existent and disabled accounts.

Nmap&Zmap特征识别，绕过IDS探测

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

The Open Security Summit 2020 is focused on the collaboration between, Developers and Application Security

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

An All-In-One home intrusion detection system (IDS) solution for the Raspberry PI.