Sysmon Modular - A repository of Sysmon configuration modules
Stars: ✭ 1,229 (+3864.52%)
ir scripts - Incident response scripts
Stars: ✭ 17 (-45.16%)
Threathunter Playbook - A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+9187.1%)
Whids - Open Source EDR for Windows
Stars: ✭ 188 (+506.45%)
Sentinel Attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+2080.65%)
Sysmon Config - Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+10503.23%)
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+3048.39%)
fastfinder - Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+274.19%)
Malwless - Test Blue Team detections without running any attack.
Stars: ✭ 215 (+593.55%)
Threatingestor - Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1316.13%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+622.58%)
detection-rules - Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (+9.68%)
Attackdatamap - A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+751.61%)
Sigma - Generic Signature Format for SIEM Systems
Stars: ✭ 4,418 (+14151.61%)
Detectionlab - Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+10341.94%)
rhq - Recon Hunt Queries
Stars: ✭ 66 (+112.9%)
Threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+2280.65%)
Slides - Misc Threat Hunting Resources
Stars: ✭ 203 (+554.84%)
Sysmontools - Utilities for Sysmon
Stars: ✭ 903 (+2812.9%)
Threatpinchlookup - Documentation and Sharing Repository for the ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+729.03%)
Yeti - Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+3245.16%)
Signature Base - Signature base for my scanner tools
Stars: ✭ 1,212 (+3809.68%)
SysmonResources - Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Stars: ✭ 64 (+106.45%)
Mthc - All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+332.26%)
Detectionlabelk - DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+780.65%)
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+196.77%)
Oriana - Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+390.32%)
semantic logger - Semantic Logger is a feature-rich logging framework and replacement for existing Ruby & Rails loggers.
Stars: ✭ 730 (+2254.84%)
ansible-splunk-playbook - Install a full Splunk Enterprise cluster or Universal Forwarder using an Ansible playbook
Stars: ✭ 34 (+9.68%)
SplunkScriplets - Various Splunk scripts and applets, all in one place
Stars: ✭ 24 (-22.58%)
Packrat - Live system forensic collector
Stars: ✭ 16 (-48.39%)
splunk-otel-js-web - Splunk distribution of OpenTelemetry for browser environments.
Stars: ✭ 23 (-25.81%)
TA-dmarc - Add-on for ingesting DMARC aggregate reports into Splunk
Stars: ✭ 14 (-54.84%)
vagrant-ids - An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk
Stars: ✭ 21 (-32.26%)
evtx2json - A tool to convert Windows evtx files (Windows Event Log files) into JSON format and log to Splunk (optional) using the HTTP Event Collector.
Stars: ✭ 38 (+22.58%)
TA ETW - Splunk Technology Add-On (TA) for collecting ETW events from Windows systems
Stars: ✭ 17 (-45.16%)
utilities - This repository contains tools used by 401trg.
Stars: ✭ 19 (-38.71%)
mail to misp - Connect your mail client/infrastructure to MISP in order to create events based on the information contained within emails.
Stars: ✭ 61 (+96.77%)
Kong-API-Manager - Kong API Manager with Prometheus and Graylog
Stars: ✭ 78 (+151.61%)
kafka-connect-splunk - Kafka Connect connector for receiving data and writing data to Splunk.
Stars: ✭ 25 (-19.35%)
Adtimeline - Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+712.9%)
EventTranscript.db-Research - A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (+6.45%)
config explorer - Config viewer and file editor for Splunk. Based on VSCode.
Stars: ✭ 20 (-35.48%)
Dfirtrack - DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+648.39%)
spring-microservices-in-action - The source code of the book "Spring Microservices in Action" (John Carnell) and a personal summary of technical essentials about Spring Boot for microservices.
Stars: ✭ 54 (+74.19%)
Vast - 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+632.26%)
fanuc-driver - Configurable Fanuc Focas data collector and post-processor.
Stars: ✭ 38 (+22.58%)
Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+112.9%)
CCXDigger - The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+45.16%)
Atc React - A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+629.03%)
Userline - Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+612.9%)
TA-opnsense - Splunk Add-on for the OPNsense firewall
Stars: ✭ 13 (-58.06%)
evtx-hunter - evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+293.55%)