nsm-attack: Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (-24.29%)
SIGMA-detection-rules: Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (+38.57%)
Attackdatamap: A data-source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+277.14%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+865.71%)
Zircolite: A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Stars: ✭ 443 (+532.86%)
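Several entries in this list (SIGMA-detection-rules, Zircolite, SIGMA-Resources) revolve around Sigma rules tagged with ATT&CK techniques. The following is an added example, not code from Zircolite or any of the listed projects: it shows the shape of a Sigma rule (selection/filter maps, field modifiers such as `|contains` and `|endswith`, a `condition`, and `attack.t*` tags) and a minimal evaluator that applies such a rule to Sysmon-like process-creation events and reads the ATT&CK technique IDs out of the tags. The rule, the allow-listed parent process `sccm_agent.exe` and the three events are constructed for illustration; the rule is written as a Python dict rather than YAML so the example runs without a YAML library.

```python
import re

# Constructed Sigma-style rule as a Python dict (no YAML library needed). Fields are Sysmon
# Event ID 1 (process creation) fields; the rule and the allow-listed parent are illustrative.
RULE = {
    "title": "Encoded PowerShell command line",
    "tags": ["attack.execution", "attack.t1059.001", "attack.defense_evasion", "attack.t1027"],
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter": {"ParentImage|endswith": "\\sccm_agent.exe"},  # hypothetical allow-listed parent
        "condition": "selection and not filter",
    },
}

# Constructed sample events (flattened Sysmon EID 1 records), not real telemetry.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand ZQBjAGgAbwA=",
     "ParentImage": "C:\\Tools\\sccm_agent.exe"},
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]

def _match_value(value, pattern, modifier):
    """Sigma string matching is case-insensitive; the field modifier selects the comparison."""
    v, p = value.lower(), pattern.lower()
    if modifier == "contains":
        return p in v
    if modifier == "endswith":
        return v.endswith(p)
    return v == p  # no modifier: exact (case-insensitive) equality

def _match_map(event, fields):
    """All fields of a detection map must match (AND); a list of values for one field is OR."""
    for key, patterns in fields.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if not any(_match_value(str(event[field]), str(p), modifier) for p in patterns):
            return False
    return True

def _eval_condition(condition, results):
    """Evaluate a condition of map names joined by and / or / not / parentheses."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse(level=0):  # precedence: 0 = or, 1 = and, 2 = not / atom
        nonlocal pos
        if level == 2:
            token, pos = tokens[pos], pos + 1
            if token == "not":
                return not parse(2)
            if token == "(":
                value = parse(0)
                if pos >= len(tokens) or tokens[pos] != ")":
                    raise ValueError("unbalanced parentheses in condition")
                pos += 1
                return value
            return results[token]  # KeyError if the condition names an undefined map
        op = ("or", "and")[level]
        value = parse(level + 1)
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            rhs = parse(level + 1)  # always evaluated, so every map is checked
            value = (value or rhs) if op == "or" else (value and rhs)
        return value

    value = parse()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r} in condition")
    return value

def attack_techniques(rule):
    """ATT&CK technique IDs from Sigma tags such as attack.t1059.001 (tactic tags are ignored)."""
    matches = [re.fullmatch(r"attack\.(t\d{4}(?:\.\d{3})?)", t) for t in rule.get("tags", [])]
    return [m.group(1).upper() for m in matches if m]

def evaluate(rule, events):
    """Return one hit per event that satisfies the rule condition, annotated with ATT&CK IDs."""
    detection = rule["detection"]
    maps = {name: fields for name, fields in detection.items() if name != "condition"}
    techniques = attack_techniques(rule)
    hits = []
    for event in events:
        results = {name: _match_map(event, fields) for name, fields in maps.items()}
        if _eval_condition(detection["condition"], results):
            hits.append({"rule": rule["title"], "techniques": techniques, "event": event})
    return hits

if __name__ == "__main__":
    for hit in evaluate(RULE, EVENTS):
        print(hit["rule"], hit["techniques"], hit["event"]["CommandLine"])
```

Only the first event is a hit: the second is excluded by the `filter` map (allow-listed parent), the third never matches `selection`. Real Sigma rules are YAML files and tools such as Zircolite translate them into a backend query language rather than interpreting them field by field like this; the semantics shown here (case-insensitive matching, AND across fields, OR across a value list, `attack.t*` tags naming techniques and sub-techniques) are the parts of the Sigma specification a rule author most often relies on.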
Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+952.86%)
Auditd Attack: A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Stars: ✭ 642 (+817.14%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+954.29%)
Sysmon Modular: A repository of Sysmon configuration modules
Stars: ✭ 1,229 (+1655.71%)
S1EM: This project is a SIEM with SIRP and Threat Intel, all in one.
Stars: ✭ 270 (+285.71%)
SIGMA-Resources: Resources to learn and understand SIGMA rules
Stars: ✭ 61 (-12.86%)
detection-rules: Threat detection and anomaly detection rules for popular open-source components
Stars: ✭ 34 (-51.43%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-5.71%)
Pcap Attack: PCAP samples for different post-exploitation techniques
Stars: ✭ 175 (+150%)
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Red Team.
Stars: ✭ 28 (-60%)
attack to veris: The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings, with associated usage documentation.
Stars: ✭ 56 (-20%)
attack-evals: ATT&CK Evaluations website (DEPRECATED)
Stars: ✭ 57 (-18.57%)
PowerGRR: PowerGRR is an API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting.
Stars: ✭ 52 (-25.71%)
pcapdj: pcapdj - dispatch pcap files
Stars: ✭ 41 (-41.43%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-51.43%)
ezEmu: See adversary, do adversary: simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
Stars: ✭ 89 (+27.14%)
ps-srum-hunting: PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting
Stars: ✭ 16 (-77.14%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors process/thread/memory/image-load/TCP-IP activity via ETW, with detection of remote thread injection and in-memory payload detection based on VirtualMemAlloc events.
Stars: ✭ 32 (-54.29%)
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (-61.43%)
threat-intel: Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+85.71%)
WELA: WELA (Windows Event Log Analyzer): the Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+531.43%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon, plus sample data/logs
Stars: ✭ 64 (-8.57%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (+220%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+301.43%)
testmynids.org: A website and framework for testing NIDS detection
Stars: ✭ 55 (-21.43%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-55.71%)
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (-72.86%)
Scrummage: The ultimate OSINT and threat hunting framework
Stars: ✭ 355 (+407.14%)
ansible: Ansible playbook automation for pfelk
Stars: ✭ 23 (-67.14%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-5.71%)
fever: Fast, extensible, versatile event router for Suricata's EVE-JSON format
Stars: ✭ 47 (-32.86%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (-12.86%)
DPDK_SURICATA-4_1_1: DPDK infrastructure for software acceleration. Currently working on RX and ACL pre-filter
Stars: ✭ 81 (+15.71%)
sigmaNet: Render igraphs from R using Sigma.js
Stars: ✭ 38 (-45.71%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+74.29%)
security-stack-mappings: This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.
Stars: ✭ 305 (+335.71%)
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-55.71%)
CVE-2020-16898: CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP vulnerability detection logic and rule
Stars: ✭ 207 (+195.71%)
kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (+135.71%)
oss2020: The Open Security Summit 2020 is focused on the collaboration between developers and application security
Stars: ✭ 26 (-62.86%)
ELK-Hunting: Threat Hunting with ELK workshop (InfoSecWorld 2017)
Stars: ✭ 58 (-17.14%)
py-idstools: idstools: Snort and Suricata rule and event utilities in Python (including a rule update tool)
Stars: ✭ 205 (+192.86%)
Briarids: An all-in-one home intrusion detection system (IDS) solution for the Raspberry Pi.
Stars: ✭ 187 (+167.14%)