Signature engine for all your logs
☆172Nov 13, 2023Updated 2 years ago
Alternatives and similar repositories for gene
Users that are interested in gene are comparing it to the libraries listed below
Sorting:
- ☆42Sep 16, 2022Updated 3 years ago
- Open Source EDR for Windows☆1,297Feb 25, 2023Updated 3 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆785Feb 22, 2026Updated last week
- An Active Defense and EDR software to empower Blue Teams☆1,316Aug 10, 2023Updated 2 years ago
- A modern Python-3-based alternative to RegRipper☆205Mar 31, 2025Updated 11 months ago
- Actionable analytics designed to combat threats☆1,005May 25, 2022Updated 3 years ago
- 16,432 Free Yara rules created by☆391Jun 1, 2019Updated 6 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- PowerShell No Agent Hunting☆111Apr 23, 2018Updated 7 years ago
- Invoke-LiveResponse☆150Feb 22, 2022Updated 4 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Jan 30, 2018Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- ☆170Nov 11, 2022Updated 3 years ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- Repository of YARA rules made by Trellix ATR Team☆625Mar 18, 2025Updated 11 months ago
- Look into EDR events from network☆25Nov 20, 2025Updated 3 months ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated 2 months ago
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.☆1,338Dec 13, 2022Updated 3 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆387May 11, 2022Updated 3 years ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Reconstruct process trees from event logs☆147Aug 12, 2020Updated 5 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- Yet another registry parser☆138Apr 15, 2022Updated 3 years ago
- Re-play Security Events☆1,723Mar 20, 2024Updated last year
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,173Jul 26, 2023Updated 2 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Utilities for Sysmon☆1,573Sep 21, 2025Updated 5 months ago
- A script to assist in processing forensic RAM captures for malware triage☆26Feb 4, 2021Updated 5 years ago
- DFIRTrack - The Incident Response Tracking Application☆532Jan 13, 2026Updated last month
- A Python library to help with some common threat hunting data analysis operations☆142Apr 23, 2023Updated 2 years ago
- Sysmon Tools for PowerShell☆233Aug 17, 2018Updated 7 years ago
- YARA signature and IOC database for my scanners and tools☆2,874Feb 5, 2026Updated 3 weeks ago
- A collection of resources for Threat Hunters☆914Oct 15, 2024Updated last year
- Open-source framework to detect outliers in Elasticsearch events☆205May 22, 2023Updated 2 years ago
- ETW Python Library☆292Aug 11, 2023Updated 2 years ago