ExtraHop / code-examples

Related projects ⓘ

Alternatives and complementary repositories for code-examples

• ExtraHop / threat-intelligence-toolkit
  Utility to automate generating and uploading STIX files to ExtraHop appliances via the REST API.
  ☆8Updated 4 months ago
• CiscoSE / SnortBlocklistImporter
  This is a script to import Cisco Talos's IP Blacklist into a Tag (Host Group) within Stealthwatch. This will also optionally create a Cu…
  ☆11Updated last year
• activecm / devprof
  Device profile: Define acceptable amounts of traffic for your devices and see a report of outliers.
  ☆16Updated 4 years ago
• activecm / espy
  Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
  ☆67Updated last year
• rapid7 / insightconnect-plugins
  Plugin source code for the InsightConnect SOAR product, developer documentation at https://docs.rapid7.com/insightconnect/getting-started
  ☆67Updated this week
• activecm / threat-hunting-labs
  Collection of walkthroughs on various threat hunting techniques
  ☆75Updated 4 years ago
• activecm / docker-zeek
  Run zeek with zeekctl in docker
  ☆50Updated 2 months ago
• cisagov / ioc-scanner
  Search a filesystem for indicators of compromise (IoC).
  ☆68Updated 2 months ago
• CrowdStrike / community
  CrowdStrike's Open Source Policy & Contribution Guide
  ☆39Updated last year
• Security-Onion-Solutions / securityonion-docs
  ☆85Updated this week
• PaloAltoNetworks / minemeld-misp
  MineMeld nodes for MISP
  ☆18Updated 10 months ago
• Cisco-Talos / osquery_queries
  Cisco Orbital - Osquery queries by Talos
  ☆124Updated 3 months ago
• PaloAltoNetworks / minemeld-docker
  Official Palo Alto Networks MineMeld docker
  ☆16Updated 4 years ago
• jasonsford / IPScraper
  This script provides a Python library with methods to authenticate to various sources of threat intelligence and query IPs for the latest…
  ☆18Updated 2 years ago
• splunk / attack_range_cloud
  Attack Range to test detection against nativel serverless cloud services and environments
  ☆35Updated 3 years ago
• chrissanders / idh
  Intrusion Detection Honeypots Book Code
  ☆24Updated 4 years ago
• PaloAltoNetworks / minemeld-ansible
  Ansible playbook for installing MineMeld on Linux
  ☆48Updated 3 years ago
• HASecuritySolutions / LogCampaign
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆52Updated 2 years ago
• sans-blue-team / sec530-wiki
  ☆53Updated 3 years ago
• PwCUK-CTO / SANSCTISummit2021-xStart
  Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
  ☆14Updated 3 years ago
• CrowdStrike / FDR
  Falcon Data Replicator
  ☆30Updated 7 months ago
• CrowdStrike / caracara
  Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK
  ☆37Updated last week
• CiscoSecurity / fp-05-firepower-cef-connector-arcsight
  Cisco eStreamer client
  ☆25Updated 2 years ago
• HKcyberstark / wazuh-ecs
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆27Updated 4 years ago
• 0xtf / testmynids.org
  A website and framework for testing NIDS detection
  ☆56Updated 3 years ago
• jafarspalace / Crowdstrike-Falcon-Scripts
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆22Updated 3 months ago
• CrowdStrike / MISP-tools
  Import CrowdStrike Threat Intelligence into your instance of MISP
  ☆42Updated last month
• swisscom / detections
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆53Updated 3 years ago
• carbonblack / carbon-black-cloud-sdk-python
  VMware Carbon Black Cloud Python SDK
  ☆42Updated last week