CiscoSecurity / fp-05-firepower-cef-connector-arcsight
Cisco eStreamer client
☆25Updated 2 years ago
Related projects: ⓘ
- Ansible playbook for installing MineMeld on Linux☆48Updated 3 years ago
- MineMeld nodes for MISP☆18Updated 7 months ago
- WebUI of MineMeld☆43Updated last year
- Elastic Beat for fetching and shipping Office 365 audit events☆66Updated 4 years ago
- SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…☆92Updated 2 years ago
- Sysmon Splunk App☆46Updated 6 years ago
- scripts to configure the Splunk Universal Forwarder in a locked down state☆39Updated 5 years ago
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Updated 4 years ago
- ☆51Updated 3 years ago
- ☆34Updated 3 years ago
- ☆31Updated this week
- Carbon Black Feeds☆70Updated last year
- Sunburst IOCs for Splunk Ingest☆18Updated 3 years ago
- Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform☆71Updated last year
- Risk Based Alerting Supporting Add-On (SA) for Splunk☆44Updated 2 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆105Updated 4 years ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 3 years ago
- A Splunk app with saved reports derived from Sigma rules☆72Updated 6 years ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 3 years ago
- Volatility plugins developed and maintained by the community☆21Updated 6 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆31Updated 4 years ago
- ☆13Updated this week
- ☆48Updated 4 years ago
- ☆131Updated 5 months ago
- Allows to pull asset and identity data into Splunk app for Enterprise Security from LDAP and other sources☆27Updated 6 years ago
- Pulls IOCs from MISP and adds the to reference sets in QRadar☆33Updated last year
- Run zeek with zeekctl in docker☆46Updated last week
- Subscribe to raw VMware Carbon Black EDR event feed and forward to another system, such as Splunk.☆73Updated 4 months ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆51Updated 2 years ago