Hestat / ossec-sysmon
A Ruleset to enhance detection capabilities of Ossec using Sysmon
☆91Updated 2 years ago
Alternatives and similar repositories for ossec-sysmon:
Users that are interested in ossec-sysmon are comparing it to the libraries listed below
- Sysmon and wazuh integration with Sigma sysmon rules [updated]☆64Updated 3 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆149Updated 2 weeks ago
- Convert Sigma rules to Wazuh rules☆64Updated 11 months ago
- Docker image for Velocidex Velociraptor☆122Updated 2 weeks ago
- Run Velociraptor on Security Onion☆37Updated 2 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated last month
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- OSSEM Detection Model☆177Updated 2 years ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆185Updated 3 years ago
- Anything Sysmon related from the MSTIC R&D team☆150Updated 9 months ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques☆132Updated last year
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset☆33Updated 4 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆109Updated 2 months ago
- Threat Hunting & Incident Investigation with Osquery☆205Updated 2 years ago
- Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translatin…☆126Updated 10 months ago
- Rules generated from our investigations.☆192Updated this week
- Sigma rules from Joe Security☆207Updated 4 months ago
- an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques☆184Updated 2 years ago
- Security Onion + Automation + Response Lab including n8n and Velociraptor☆107Updated 2 years ago
- A curated list of awesome things related to TheHive & Cortex☆177Updated 3 years ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆149Updated 4 months ago
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense…☆71Updated 3 years ago
- ☆52Updated this week
- Zeek-Formatted Threat Intelligence Feeds☆356Updated this week
- Repository for SPEED SIEM Use Case Framework☆53Updated 4 years ago
- The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…☆142Updated 6 months ago
- Docker configurations for TheHive, Cortex and 3rd party tools☆119Updated 2 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆352Updated 2 months ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆201Updated 2 years ago
- ☆31Updated 3 years ago