This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365 Defender products.
☆18Mar 10, 2023Updated 3 years ago
Alternatives and similar repositories for FalconForge
Users that are interested in FalconForge are comparing it to the libraries listed below
Sorting:
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆51Sep 22, 2025Updated 5 months ago
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆90Dec 12, 2023Updated 2 years ago
- Pull author and committer names and emails from Travis-CI☆11Aug 9, 2020Updated 5 years ago
- Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM☆29Feb 3, 2025Updated last year
- Import custom queries into BloodHound CE from a legacy BloodHound JSON file.☆10Mar 22, 2024Updated last year
- ☆96Jan 7, 2026Updated 2 months ago
- ☆12Jul 15, 2022Updated 3 years ago
- Google Cloud Security Command Center to Azure Sentinel Connector☆19Jul 15, 2023Updated 2 years ago
- A POC to implement Detection-as-Code with Terraform and Sumo Logic.☆31Jul 27, 2023Updated 2 years ago
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- GitHub action for validating Microsoft Sentinel detection rules☆14May 22, 2023Updated 2 years ago
- Azure OpenAI Playbook created for Microsoft Sentinel☆13May 2, 2024Updated last year
- CVE-2023-20198 Checkscript☆20Oct 23, 2023Updated 2 years ago
- KQL for Azure Resource Manager and AppID search☆23Aug 15, 2024Updated last year
- Terraform Module to create fully stateful Azure firewall as a service with built-in high availability.☆15Oct 29, 2022Updated 3 years ago
- Microsoft Cloud App Security labs☆14Dec 17, 2018Updated 7 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆118Jan 22, 2026Updated last month
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated 9 months ago
- OSSEM Common Data Model☆56Sep 20, 2022Updated 3 years ago
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆27Jul 4, 2024Updated last year
- ☆11Dec 9, 2025Updated 3 months ago
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆135Updated this week
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 9 months ago
- Azure AD Incident Response☆27Oct 8, 2021Updated 4 years ago
- ☆11Oct 13, 2020Updated 5 years ago
- Create a cool process tree like https://twitter.com/ACEResponder.☆35Mar 1, 2023Updated 3 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆57Mar 2, 2026Updated 2 weeks ago
- PowerShell Module for Submitting MVP Activities☆19Feb 22, 2026Updated 3 weeks ago
- ☆39Mar 12, 2026Updated last week
- Active C&C Detector☆156Oct 5, 2023Updated 2 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆60Mar 12, 2022Updated 4 years ago
- Search an entire directory of .eml email files for a word or phrase... in over 100 languages.☆12Feb 28, 2023Updated 3 years ago
- Python-based cloud node for local use☆11Mar 7, 2018Updated 8 years ago
- Modern Phishing Tool With Advanced Functionality [ Android-Support-Available ]☆31Oct 10, 2019Updated 6 years ago
- Command line tool for working with Panther rules and policies☆48Mar 13, 2026Updated last week
- PWNCLOUDOS☆43Oct 6, 2025Updated 5 months ago
- attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage☆115Mar 26, 2023Updated 2 years ago
- iDRAC 5 and 6 web interface and VNC proxy☆10Aug 24, 2019Updated 6 years ago
- Enumerate Location Services using CoreLocation API on macOS☆18Dec 2, 2021Updated 4 years ago