0xrawsec / gene
Signature engine for all your logs
☆168Updated last year
Alternatives and similar repositories for gene:
Users that are interested in gene are comparing it to the libraries listed below
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- YARA rule analyzer to improve rule quality and performance☆99Updated 3 weeks ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated 3 weeks ago
- Blueteam operational triage registry hunting/forensic tool.☆145Updated last year
- Sysmon EDR POC Build within Powershell to prove ability.☆224Updated 4 years ago
- A repository that maps API calls to Sysmon Event ID's.☆119Updated 2 years ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆104Updated last month
- simple YARA-based IOC scanner☆169Updated 2 months ago
- ☆164Updated 4 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆85Updated 2 years ago
- An Inofficial Sysmon Version History (Change Log)☆32Updated 4 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage☆112Updated 2 years ago
- Sigma Detection Rule Repository☆87Updated 4 years ago
- ☆302Updated 4 years ago
- ☆53Updated 6 years ago
- Invoke-LiveResponse☆147Updated 3 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆108Updated 6 years ago
- ☆40Updated 2 years ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago
- c2 traffic☆188Updated 2 years ago
- Automatically create YARA rules from malicious documents.☆211Updated 2 years ago
- HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physic…☆79Updated 10 months ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 5 months ago
- ☆116Updated last year
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆116Updated 4 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆165Updated 2 years ago
- A CALDERA plugin☆76Updated 2 weeks ago
- Cobalt Strike Beacon configuration extractor and parser.☆152Updated 3 years ago