InvestigationPlaybookSpec
☆71Sep 26, 2017Updated 8 years ago
Alternatives and similar repositories for InvestigationPlaybookSpec
Users that are interested in InvestigationPlaybookSpec are comparing it to the libraries listed below
Sorting:
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- Collecting & Hunting for IOCs with gusto and style☆117Aug 9, 2018Updated 7 years ago
- A set of Bash scripts that allows you to repeatably collect and compare baseline audit data from Linux and Windows systems☆20Oct 19, 2013Updated 12 years ago
- DPS' Lightweight Investigation Notebook☆433Dec 31, 2023Updated 2 years ago
- Detecting DNS Spoofing, DNS Tunneling, DNS Exfiltration☆36Sep 28, 2015Updated 10 years ago
- A Python library to help with some common threat hunting data analysis operations☆142Apr 23, 2023Updated 2 years ago
- Searches For Threat Hunting and Security Analytics☆238Mar 26, 2025Updated 11 months ago
- ☆11Jun 12, 2023Updated 2 years ago
- Powershell Functions to interact with TheHive-Project☆11Jun 27, 2019Updated 6 years ago
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated 2 months ago
- A repository that maps API calls to Sysmon Event ID's.☆121Nov 14, 2022Updated 3 years ago
- BTG's purpose is to make fast and efficient search on IOC☆71Nov 27, 2018Updated 7 years ago
- threat-intelligence.eu website and repository of information about open standards, documents, methodologies and processes in threat intel…☆49Nov 3, 2025Updated 3 months ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.☆12Jul 13, 2017Updated 8 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆55Jul 1, 2022Updated 3 years ago
- A homebrewed cyber threat intelligence solution☆20Nov 20, 2012Updated 13 years ago
- ReviveIT (revit) is a proof of concept file recovery tool (carver)☆13Dec 3, 2020Updated 5 years ago
- A simple many-rules to many-files YARA scanner for incident response or malware zoos.☆27Jun 3, 2018Updated 7 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Mar 7, 2017Updated 8 years ago
- Python script to automatically create sigma rules from The hive observables☆25Mar 17, 2019Updated 6 years ago
- Python script to compress VBA macro files☆24Feb 2, 2023Updated 3 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Jan 30, 2018Updated 8 years ago
- Proof of concept VBA code to add to Normal.dot to put restrictions on Word☆40Dec 20, 2016Updated 9 years ago
- ☆14May 30, 2018Updated 7 years ago
- Small scripts and POCs related to digital forensics☆18Nov 1, 2022Updated 3 years ago
- Home to the ActorTrackr source code☆24Jun 21, 2017Updated 8 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆252Jul 19, 2021Updated 4 years ago
- PowerShell No Agent Hunting☆111Apr 23, 2018Updated 7 years ago
- Generic Signature Format for SIEM Systems☆18Jul 25, 2023Updated 2 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Sep 18, 2018Updated 7 years ago
- Splunk Boss of the SOC v1 data set.☆113Jun 13, 2018Updated 7 years ago
- Traceroute improved wrapper for CSIRT and CERT operators☆40Oct 9, 2024Updated last year
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆505Oct 21, 2022Updated 3 years ago
- An information security preparedness tool to do adversarial simulation.☆1,139Apr 1, 2019Updated 6 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- ☆18Jun 8, 2018Updated 7 years ago
- Registry Miner☆14Apr 10, 2018Updated 7 years ago