Cisco-Talos / osquery_queries

Related projects ⓘ

Alternatives and complementary repositories for osquery_queries

• ReconInfoSec / rhq
  Recon Hunt Queries
  ☆75Updated 3 years ago
• 0xThiebaut / sigmai
  Import specific data sources into the Sigma generic and open signature format.
  ☆77Updated 2 years ago
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆141Updated last year
• P4T12ICK / Sigma-Rule-Repository
  Sigma Detection Rule Repository
  ☆85Updated 4 years ago
• Kirtar22 / ThreatHunting_with_Osquery
  Threat Hunting & Incident Investigation with Osquery
  ☆198Updated 2 years ago
• sttor / awesome-osquery
  Osquery Resources
  ☆59Updated 5 years ago
• OTRF / infosec-jupyterthon
  A community event for security researchers to share their favorite notebooks
  ☆106Updated 9 months ago
• OTRF / OSSEM-CDM
  OSSEM Common Data Model
  ☆54Updated 2 years ago
• target / halogen
  Automatically create YARA rules from malicious documents.
  ☆208Updated 2 years ago
• weslambert / securityonion-misp
  ☆34Updated 3 years ago
• k-bailey / detection-engineering-maturity-matrix
  ☆87Updated 2 years ago
• sfakiana / SANS-CTI-Summit-2021
  Resources for SANS CTI Summit 2021 presentation
  ☆102Updated last year
• mitre / stockpile
  A CALDERA plugin
  ☆72Updated 2 weeks ago
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆145Updated last week
• TheHive-Project / awesome
  A curated list of awesome things related to TheHive & Cortex
  ☆173Updated 3 years ago
• CybercentreCanada / CCCS-Yara
  YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA
  ☆98Updated 2 months ago
• RH-ISAC / PyOTI
  Python library for threat intelligence
  ☆80Updated 4 months ago
• P4T12ICK / Sigma-Hunting-App
  A Splunk App containing Sigma detection rules, which can be updated from a Git repository.
  ☆107Updated 4 years ago
• joshlemon / DFIR-Reference-Frameworks
  Repository of public reference frameworks for the DFIR community.
  ☆109Updated last year
• socprime / SigmaUI
  SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)
  ☆184Updated 3 years ago
• socprime / soc_workflow_app_ce
  SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…
  ☆92Updated 2 years ago
• LetMeR00t / TA-thehive-cortex
  Technical add-on for Splunk related to TheHive/Cortex from TheHive project
  ☆49Updated 3 weeks ago
• splunk / attack_range_cloud
  Attack Range to test detection against nativel serverless cloud services and environments
  ☆35Updated 3 years ago
• gertjanbruggink / metrics
  This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.
  ☆97Updated 8 months ago
• redcanaryco / surveyor
  A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
  ☆182Updated this week
• csirtgadgets / cif-v5
  The FASTEST way to consume threat intel.
  ☆64Updated last year
• ReconInfoSec / velociraptor-to-timesketch
  ☆1Updated 3 weeks ago
• 3CORESec / S2AN
  S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
  ☆84Updated last year
• PwCUK-CTO / SANSCTISummit2021-xStart
  Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
  ☆14Updated 3 years ago