InfoSecInnovations / What2Log
☆39Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for What2Log
- ☆70Updated 3 weeks ago
- ☆40Updated last year
- A collection of various SIEM rules relating to malware family groups.☆61Updated 4 months ago
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆78Updated 3 months ago
- Conference presentations☆47Updated last year
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- ☆75Updated 2 weeks ago
- ☆48Updated last year
- Audit Inspector is a tool for configuring and auditing Windows auditing.☆31Updated last month
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆48Updated 2 years ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- MISP to Sentinel integration☆58Updated last week
- ☆43Updated 3 weeks ago
- ☆65Updated last year
- ☆25Updated 2 months ago
- ☆14Updated last month
- Remote access and Antivirus Logging Database☆41Updated 6 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 5 months ago
- Hunting Queries for Defender ATP☆72Updated last week
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago
- Detection of obfuscated Powershell commands☆54Updated last year
- Notes on responding to security breaches relating to Azure AD☆96Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆119Updated this week
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆81Updated last month
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆75Updated 2 weeks ago
- Full of public notes and Utilities☆82Updated 2 months ago
- This repository contains Splunk queries to hunt some anomalies☆38Updated 2 years ago
- ☆41Updated 2 years ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting☆57Updated 2 weeks ago