Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases
☆155, Mar 6, 2024, updated last year
Alternatives and similar repositories for graylog-plugin-threatintel
Users that are interested in graylog-plugin-threatintel are comparing it to the libraries listed below
- Stream Lookup function for GrayLog2 Pipeline Processor (☆14, Oct 1, 2021, updated 4 years ago)
- [DEPRECATED] Graylog Pipeline Message Processor Plugins (☆21, Oct 13, 2020, updated 5 years ago)
- How to send Windows EventLogs into Graylog (☆20, Oct 20, 2025, updated 4 months ago)
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into … (☆821, Nov 5, 2023, updated 2 years ago)
- Manage log collectors through Graylog (☆276, updated this week)
- ☆36, Dec 13, 2023, updated 2 years ago
- ☆16, Dec 13, 2023, updated 2 years ago
- Graylog plugin to record internal logs of Graylog efficiently instead of sending them over the network (☆12, Jan 31, 2018, updated 8 years ago)
- Basic Anomaly IDS capabilities with Python and Bro (☆105, Feb 27, 2018, updated 8 years ago)
- CLI tool for graylog-project (☆25, Dec 4, 2025, updated 2 months ago)
- Quantitate binary risk assessment (☆17, May 9, 2022, updated 3 years ago)
- A security tool for detecting suspicious PDF modifications commonly found in BEC (☆41, Aug 4, 2016, updated 9 years ago)
- Threat hunting repo for my independent study on threat hunting with OSQuery (☆27, Jan 16, 2018, updated 8 years ago)
- Credentials catching honeypot (☆390, May 21, 2024, updated last year)
- A virtual PDF analysis framework (☆17, Jan 31, 2014, updated 12 years ago)
- A repository for using windows event forwarding for incident detection and response (☆1,296, Sep 8, 2025, updated 5 months ago)
- A lightweight tool to score network traffic and flag anomalies (☆123, Aug 7, 2024, updated last year)
- Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs. (☆92, Apr 3, 2024, updated last year)
- Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac… (☆883, Nov 17, 2020, updated 5 years ago)
- How to Zeek Sysmon Logs! (☆103, Feb 12, 2022, updated 4 years ago)
- Basics of Windows privilege escalation (☆134, Sep 30, 2017, updated 8 years ago)
- A collection of open source Graylog integrations that will be released together. (☆16, Apr 3, 2024, updated last year)
- A Couple of Python Scripts Leveraging MS365's GraphAPI to Send Custom Calendar Events / Emails from Cheap O365 Accounts (☆18, Apr 19, 2024, updated last year)
- A repository for using osquery for incident detection and response (☆881, Sep 8, 2025, updated 5 months ago)
- A Python library to help with some common threat hunting data analysis operations (☆142, Apr 23, 2023, updated 2 years ago)
- ☆16, Mar 17, 2017, updated 8 years ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch (☆19, May 11, 2021, updated 4 years ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52, Nov 27, 2020, updated 5 years ago)
- CARET - A tool for viewing cyber analytic relationships (☆57, Jan 15, 2020, updated 6 years ago)
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s… (☆105, Jul 2, 2017, updated 8 years ago)
- ☆17, Feb 26, 2019, updated 7 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API (☆23, Mar 5, 2016, updated 9 years ago)
- first commit (☆23, Feb 16, 2026, updated last week)
- Alert condition plugin for Graylog to perform aggregation (☆21, Jan 8, 2023, updated 3 years ago)
- Collector plugin for Graylog (☆16, Apr 3, 2024, updated last year)
- A library for efficient interception of established TCP connections (☆20, Oct 12, 2015, updated 10 years ago)
- A Yara rule generator for finding related samples and hunting (☆162, Sep 11, 2022, updated 3 years ago)
- Aggressor scripts for phases of a pen test or red team assessment (☆184, Aug 13, 2024, updated last year)
- Aggregates plugin for Graylog (☆54, Jan 9, 2019, updated 7 years ago)