SWELF: Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-96.6%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+81.8%)
Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+9.02%)
Sigma: Generic Signature Format for SIEM Systems
Stars: ✭ 4,418 (+553.55%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (-68.2%)
Sysmon Config: Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+386.24%)
Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-60.95%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-74.11%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-89.2%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (-70.86%)
Auditd Attack: A Linux Auditd rule set mapped to MITRE's Attack Framework
Stars: ✭ 642 (-5.03%)
ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+0%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-66.86%)
SIGMA-detection-rules: Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (-85.65%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors Process/Thread/Memory/ImageLoads/TCPIP via ETW, with detection of remote thread injection and payload detection via VirtualMemAlloc events (in-memory), etc.
Stars: ✭ 32 (-95.27%)
Spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+918.05%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (-94.97%)
attack-evals: ATT&CK Evaluations website (DEPRECATED)
Stars: ✭ 57 (-91.57%)
cycat-service: CyCAT.org API back-end server including crawlers
Stars: ✭ 25 (-96.3%)
connectors: OpenCTI connectors
Stars: ✭ 135 (-80.03%)
attckr: ⚔️ MITRE ATT&CK Machinations in R
Stars: ✭ 22 (-96.75%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Stars: ✭ 64 (-90.53%)
attack to veris: The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.
Stars: ✭ 56 (-91.72%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-94.97%)
S2AN: Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-89.64%)
GDPatrol: A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-92.6%)
Terraform Aws Secure Baseline: Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (-11.83%)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-96.75%)
ir scripts: incident response scripts
Stars: ✭ 17 (-97.49%)
Zircolite: A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Stars: ✭ 443 (-34.47%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (-57.99%)
Attack Scripts: Scripts and a (future) library to improve users' interactions with the ATT&CK content
Stars: ✭ 290 (-57.1%)
Terraform Kubestack: Terraform GitOps Framework - Everything you need to build reliable automation for AKS, EKS and GKE Kubernetes clusters in one free and open-source framework.
Stars: ✭ 300 (-55.62%)
Adversary emulation library: An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Stars: ✭ 295 (-56.36%)
OpenVAS-Docker: A Docker Image for the Open Vulnerability Assessment Scanner (OpenVAS)
Stars: ✭ 16 (-97.63%)
Watcher: Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (-52.07%)
Patrowlmanager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-46.3%)
Naos: A mildly opinionated modern cloud service architecture blueprint + reference implementation
Stars: ✭ 19 (-97.19%)
Misp: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+415.53%)
Threatmapper: Identify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (-46.6%)
Applicationinspector: A source code analyzer built for surfacing features of interest and other characteristics to answer the question "What's in the code?" quickly, using static analysis with a JSON-based rules engine. Ideal for scanning components before use or detecting feature-level changes.
Stars: ✭ 3,873 (+472.93%)
Terratag: Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources
Stars: ✭ 385 (-43.05%)
Otseca: Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (-38.46%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (-35.06%)
A Red Teamer Diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-43.49%)
Shuffle: A general purpose security automation platform. We focus on accessibility for all.
Stars: ✭ 424 (-37.28%)