ExtraHop / threat-intelligence-toolkit
Utility to automate generating and uploading STIX files to ExtraHop appliances via the REST API.
☆8, updated 4 months ago
Related projects
Alternatives and complementary repositories for threat-intelligence-toolkit
- ExtraHop public code examples (☆33, updated 2 weeks ago)
- Pep up your Windows Event Collector (WEC) for Windows Event Forwarding (WEF) (☆19, updated 3 years ago)
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… (☆42, updated 2 weeks ago)
- Automated process to build and distribute Posture & Exposure Reports bi-weekly to customers. (☆17, updated 9 months ago)
- Falcon Integration Gateway (FIG) (☆18, updated last month)
- OCA-wide documentation shared by all sub-projects and repositories (☆33, updated 3 weeks ago)
- OSCAL SSP content for technologies shipped by Red Hat (☆15, updated last year)
- Coalfire GCP RAMP/pak Reference Architecture (☆12, updated 2 months ago)
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… (☆51, updated last year)
- This project can be used to create AMIs based on Kali Linux, a penetration testing distribution. (☆17, updated last month)
- Repo for Automations and other solutions for Elastic SIEM/Security. (☆18, updated 3 years ago)
- Mapping Corelight or Zeek data to Elastic Common Schema fields (☆34, updated 2 weeks ago)
- Security Alert Decoration (☆26, updated this week)
- Example Suricata rules implementing some of my detection tactics (☆20, updated last year)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆49, updated 2 years ago)
- Import CrowdStrike Threat Intelligence into your instance of MISP (☆42, updated last month)
- Notes for High Availability MISP in AWS (☆19, updated 5 years ago)
- OpenIOC rules to facilitate hunting for indicators of compromise (☆38, updated 2 years ago)
- ICS/OT related Wireshark profiles + adding some other (IT or OT related) Open Source Wireshark Profiles (☆16, updated 2 weeks ago)
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. (☆25, updated last year)
- eMASSer is a command-line interface (CLI) that aims to automate routine business use-cases and provide utility surrounding the Enterprise… (☆35, updated last month)
- Workflows for Shuffle (☆20, updated 2 years ago)
- Knowledge Report Alert & Normalization Generator (☆27, updated 8 months ago)
- (no description) (☆48, updated this week)
- Kestrel Jupyter Notebook Kernel (☆9, updated last year)
- A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach f… (☆12, updated 4 years ago)
- ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v… (☆16, updated 3 weeks ago)
- (no description) (☆40, updated 5 months ago)
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa… (☆18, updated 4 years ago)