IBM / wincollectLinks
☆58Updated last year
Alternatives and similar repositories for wincollect
Users that are interested in wincollect are comparing it to the libraries listed below
Sorting:
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 8 months ago
- Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technic…☆224Updated 6 months ago
- Scripts to facilitate filtering with Plaso☆126Updated 5 years ago
- LogRhythm PowerShell Toolkit☆51Updated 3 weeks ago
- ☆63Updated 2 years ago
- ☆26Updated 3 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…☆260Updated 4 years ago
- Powering Up Incident Response with Power-Response☆63Updated 5 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆223Updated 4 months ago
- Real-time Response scripts and schema☆115Updated last year
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year
- Invoke-LiveResponse☆149Updated 3 years ago
- This was code for analyzing round 1 of the MITRE Enterprise ATT&CK Evaluation. Please check out https://github.com/joshzelonis/Enterprise…☆95Updated 5 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆84Updated 4 years ago
- Repository for SPEED SIEM Use Case Framework☆55Updated 5 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆153Updated 4 months ago
- Jupyter notebooks for threat hunting☆58Updated 4 months ago
- Practical Orientation Of MVISION EDR Query Language☆33Updated 2 years ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆42Updated 2 years ago
- This is a repository for freq.py and freq_server.py☆210Updated 5 years ago
- Pulls IOCs from MISP and adds the to reference sets in QRadar☆34Updated 2 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆115Updated last year
- Powershell Threat Hunting Module☆284Updated 8 years ago
- A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.☆289Updated 3 years ago
- Parses KAPE module files and downloads binaries referenced by BinaryURL☆18Updated 5 years ago
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- 2021 SANS DFIR Summit: Greppin' Logs☆20Updated 4 years ago
- PowerShell module for Office 365 and Azure log collection☆270Updated last week
- Office365 Log Analysis Framework☆81Updated 6 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆111Updated 5 years ago