159 Open source projects that are alternatives of or similar to SIGMA-detection-rules

Your Everyday Threat Intelligence

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

🔧 Automatically deploy customizable Active Directory labs in Azure

A scanner for taking basic fingerprints

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

The Ultimate OSINT and Threat Hunting Framework

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Kaspersky's GReAT KLara

Random hunting ordiented yara rules

Extract and aggregate threat intelligence.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

This repository contains tools used by 401trg.

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Tools for hunting for threats.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

the fastest way to consume threat intelligence.

Don't Just Search OSINT. Sweep It.

🔍 Mindmaps for threat hunting - work in progress.

Pushes Sysmon Configs

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Repository with Sample KQL Query examples for Threat Hunting

Capture passwords of login attempts on non-existent and disabled accounts.

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

All-in-one bundle of MISP, TheHive and Cortex

My personal experience in Threat Hunting and knowledge gained so far.

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

incident response scripts

A toolkit for Security Researchers

Threat Hunting queries for various attacks

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

A curated list of awesome YARA rules, tools, and people.

Real-time HTTP Intrusion Detection

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Malware Sample Sources

Threat hunting Web Windows AD linux ATT&CK TTPs

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

PatrowlHears - Vulnerability Intelligence Center / Exploits

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Personal compilation of APT malware from whitepaper releases, documents and own research

This project is a SIEM with SIRP and Threat Intel, all in one.

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Signature base for my scanner tools