ExtraHop / threat-intelligence-toolkit
Utility to automate generating and uploading STIX files to ExtraHop appliances via the REST API.
☆8 · Updated 8 months ago
Alternatives and similar repositories for threat-intelligence-toolkit:
Users that are interested in threat-intelligence-toolkit are comparing it to the libraries listed below
- ExtraHop public code examples (☆33, updated 4 months ago)
- Automated process to build and distribute Posture & Exposure Reports bi-weekly to customers. (☆17, updated last year)
- OCA-wide documentation shared by all sub-projects and repositories (☆33, updated 5 months ago)
- Knowledge Report Alert & Normalization Generator (☆27, updated last year)
- Landing Page Content/Builder for MITRE Security Automation Framework (☆28, updated last month)
- Generic Signature Format for SIEM Systems (☆14, updated 3 years ago)
- Falcon Integration Gateway (FIG) (☆18, updated last month)
- Create machine images containing the Nessus vulnerability scanner (☆12, updated last week)
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S… (☆16, updated 3 years ago)
- Coalfire GCP RAMP/pak Reference Architecture (☆12, updated 7 months ago)
- A CALDERA plugin (☆26, updated 8 months ago)
- Attack Range to test detection against native serverless cloud services and environments (☆35, updated 3 years ago)
- Simulates a compromise in a cloud and container environment (☆32, updated 3 months ago)
- Understand OVAL results in the blink of an eye (☆35, updated 2 years ago)
- This project can be used to create AMIs based on Kali Linux, a penetration testing distribution. (☆19, updated last week)
- Python samples and utilities for Chronicle APIs (☆81, updated this week)
- Mapping Corelight or Zeek data to Elastic Common Schema fields (☆34, updated last month)
- Search a filesystem for indicators of compromise (IoC). (☆70, updated last month)
- Documentation for Zeek (☆50, updated this week)
- (no description) (☆48, updated this week)
- Build Automated Machine Images for MISP (☆28, updated last year)
- DNS Dashboard for hunting and identifying beaconing (☆15, updated 4 years ago)
- OpenIOC rules to facilitate hunting for indicators of compromise (☆37, updated 3 years ago)
- Incident Response Network Tools (☆24, updated 3 years ago)
- This repository contains the research and components of our work on using Sigma for AWS Incident Response. (☆27, updated last year)
- (no description) (☆33, updated 3 years ago)
- Security Alert Decoration (☆27, updated last week)
- A CALDERA plugin (☆13, updated last year)
- A Python script to acquire multiple AWS EC2 instances in a forensically sound-ish way (☆38, updated 3 years ago)
- A tool to modify timestamps in a packet capture to a user-selected date (☆31, updated 3 years ago)