Intellisec-Solutions / Microsoft-Sentinel-SIGMA-Rules-Workbook
☆10Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for Microsoft-Sentinel-SIGMA-Rules-Workbook
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 3 months ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆15Updated last year
- ☆43Updated last month
- ☆19Updated last year
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…☆23Updated this week
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆10Updated last year
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆24Updated 4 months ago
- Tools and scripts to deploy and manage OpenRelik instances☆10Updated last month
- This Repository gives the best and possible strategies against hunting the ransomware☆24Updated 2 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated 3 weeks ago
- A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…☆14Updated last year
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…☆45Updated 7 months ago
- ☆17Updated last year
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆15Updated 3 weeks ago
- An exercise to practice deobfuscating PowerShell Scripts.☆28Updated last year
- A collection of various SIEM rules relating to malware family groups.☆62Updated 5 months ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting☆57Updated 3 weeks ago
- Power-Forensics is the Best Friend for Incident Responders to perform IR and collect evidences for Linux based host☆10Updated last year
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.☆35Updated 11 months ago
- General Content☆20Updated 4 months ago
- Repo to hold my PowerShell Scripts☆17Updated 2 years ago
- Azure function to insert MISP data in to Azure Sentinel☆30Updated 2 years ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆36Updated 7 months ago
- Baseline a Windows System against LOLBAS☆25Updated 6 months ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆18Updated last year
- ☆49Updated last year
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆39Updated 2 weeks ago
- ASR Configurator, Essentials and Atomic Testing☆36Updated 3 weeks ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 6 months ago