Alternatives and similar repositories for santamon

Users that are interested in santamon are comparing it to the libraries listed below

• runreveal / sigmalite
  ☆51Updated last month
• Permiso-io-tools / bucket-shield
  ☆14Updated last month
• kaansk / go-epss
  A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).
  ☆30Updated 11 months ago
• google / facade
  ☆139Updated 6 months ago
• NikolasBielski / Adversarial-Detection-Engineering-Framework
  A framework and taxonomy for identifying, classifying, and reasoning about detection logic bugs in SIEM, EDR, and XDR rules, with concret…
  ☆40Updated this week
• AppOmni-Labs / event-maturity-matrix
  The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l…
  ☆30Updated 7 months ago
• DuneGroup / ice-axe
  ☆23Updated last year
• facebookincubator / ForgeArmory
  ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
  ☆121Updated last month
• jshlbrd / detection-engineering-pocket-guide
  pocket guide for core detection engineering concepts
  ☆31Updated 2 years ago
• Algbra-Labs-OSS / Chronicle
  ☆65Updated last year
• n0jam / gcp-ctf-workshop
  ☆41Updated last year
• SentineLabs / macos-ttps-yara
  A ruleset to find potentially malicious code in macOS malware samples
  ☆40Updated 2 years ago
• invictus-ir / Sigma-AWS
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Updated 2 years ago
• cado-security / AWS_EKS_Cluster_Forensics
  AWS EKS Cluster Forensics
  ☆23Updated 4 years ago
• hazcod / shade
  PoC shadow SaaS and insecure credential detection system using a browser extension.
  ☆41Updated this week
• bartblaze / FARA
  Repository that contains a set of purposefully erroneous Yara rules.
  ☆61Updated 6 months ago
• HarshVaragiya / aws-redteam-kit
  A PoC to Simulate Ransomware Attack on AWS Environment
  ☆32Updated last year
• Permiso-io-tools / cloudtail
  ☆30Updated 3 weeks ago
• nianticlabs / modron
  Modron - Cloud security compliance
  ☆34Updated last year
• anelshaer / Remote-Linux-Triage-Collection-using-OSquery
  Remotely collect linux live forensics artifacts.
  ☆14Updated 3 years ago
• crypsisgroup / ebs-direct-sec-tools
  Fun tools around the EBS Direct API
  ☆19Updated 4 years ago
• BreakingMhet / honeyzure
  HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…
  ☆17Updated last year
• vz-risk / flow
  Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)
  ☆44Updated 3 years ago
• tstromberg / ttp-bench
  Adversary emulation for EDR/SIEM testing (macOS/Linux)
  ☆53Updated last week
• telekom-security / acquire-aws-ec2
  A python script to acquire multiple aws ec2 instances in a forensically sound-ish way
  ☆38Updated 4 years ago
• PaloAltoNetworks / github-oidc-utils
  ☆36Updated 9 months ago
• referefref / aiocrioc
  An LLM and OCR based Indicator of Compromise Extraction Tool
  ☆38Updated last year
• threat-punter / detection-as-code-example
  A POC to implement Detection-as-Code with Terraform and Sumo Logic.
  ☆30Updated 2 years ago
• mercari / gcp-sa-key-checker
  A recon tool for GCP Service Account Keys that requires no permissions
  ☆25Updated 9 months ago
• lacework-dev / whalehoney_PUBLIC
  Public release of Whalehoney Honeypot
  ☆29Updated 3 years ago