2349 Open source projects that are alternatives of or similar to Sentinel Attack

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

A repository of sysmon configuration modules

Repository with Sample KQL Query examples for Threat Hunting

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

An Active Defense and EDR software to empower Blue Teams

Pushes Sysmon Configs

Generic Signature Format for SIEM Systems

Test Blue Team detections without running any attack.

Sysmon configuration file template with default high-quality event tracing

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

PCAP Samples for Different Post Exploitation Techniques

Explore Indicators of Compromise Automatically

Utilities for Sysmon

🔧 Automatically deploy customizable Active Directory labs in Azure

A Linux Auditd rule set mapped to MITRE's Attack Framework

ThePhish: an automated phishing email analysis tool

Malware Sample Sources

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Threat Detection & Anomaly Detection rules for popular open-source components

Repository for threat hunting and detection queries, tools, etc.

Threat Hunting queries for various attacks

A collection of awesome security hardening guides, tools and other resources

ATT&CK Evaluations website (DEPRECATED)

CyCAT.org API back-end server including crawlers

OpenCTI connectors

⚔️MITRE ATT&CK Machinations in R

A python module for working with ATT&CK

Consolidation of various resources related to Microsoft Sysmon & sample data/log

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

Microsoft Sentinel SOC Operations

recon-ng modules for Censys

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

MITRE Shield website

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

incident response scripts

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Scripts and a (future) library to improve users' interactions with the ATT&CK content

Terraform GitOps Framework — Everything you need to build reliable automation for AKS, EKS and GKE Kubernetes clusters in one free and open-source framework.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Cloud Adoption Framework for Azure - Terraform landing zones

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

A mildly opiniated modern cloud service architecture blueprint + reference implementation

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Identify vulnerabilities in running containers, images, hosts and repositories

ApplicationInsights-dotnet

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Extract and aggregate threat intelligence.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.