257 Open source projects that are alternatives of or similar to TA-Sysmon-deploy

A repository of sysmon configuration modules

incident response scripts

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Open Source EDR for Windows

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sysmon configuration file template with default high-quality event tracing

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Incident Response - Fast suspicious file finder

Test Blue Team detections without running any attack.

Extract and aggregate threat intelligence.

Sysmon Splunk App

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Threat Detection & Anomaly Detection rules for popular open-source components

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Generic Signature Format for SIEM Systems

Automate the creation of a lab environment complete with security tooling and logging best practices

Recon Hunt Queries

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Windows Events Attack Samples

Misc Threat Hunting Resources

Utilities for Sysmon

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Pushes Sysmon Configs

Your Everyday Threat Intelligence

Signature base for my scanner tools

Consolidation of various resources related to Microsoft Sysmon & sample data/log

All-in-one bundle of MISP, TheHive and Cortex

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Semantic Logger is a feature rich logging framework, and replacement for existing Ruby & Rails loggers.

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Various Splunk Scripts and applets, all in one place

Splunk Connect for Ethereum

Live system forensic collector

Splunk distribution of Open Telemetry for browser environment.

A Splunk modular input for ingesting Prometheus metrics

Add-on for ingesting DMARC aggregate reports into Splunk

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.

Splunk Technology Add-On (TA) for collecting ETW events from Windows systems

This repository contains tools used by 401trg.

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Kong API Manager with Prometheus And Graylog

Splunk Connect for Syslog

Kafka Connect connector for receiving data and writing data to Splunk.

Timeline of Active Directory changes with replication metadata

Cortex Analyzers Repository

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

Config viewer and file editor for Splunk. Based on VSCode.

DFIRTrack - The Incident Response Tracking Application

The source code of the book "Spring Microservices in Action (John Carnell)" and the personal summary of technical essentials about Spring Boot for microservices.

🔮 Visibility Across Space and Time

Configurable Fanuc Focas data collector and post processor.

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

A knowledge base of actionable Incident Response techniques

Query and report user logons relations from MS Windows Security Events

Splunk Add on for OPNsense firewall

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.