JPCERTCC / SysmonSearchLinks
Investigate suspicious activity by visualizing Sysmon's event log
☆422Updated last year
Alternatives and similar repositories for SysmonSearch
Users that are interested in SysmonSearch are comparing it to the libraries listed below
Sorting:
- Tool Analysis Result Sheet☆353Updated 7 years ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆352Updated 4 years ago
- Volatility plugin for extracts configuration data of known malware☆487Updated last year
- Misc Threat Hunting Resources☆373Updated 2 years ago
- Powershell Threat Hunting Module☆283Updated 8 years ago
- Digital forensic acquisition tool for Windows based incident response.☆341Updated last year
- Collecting & Hunting for IOCs with gusto and style☆238Updated 3 years ago
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 5 months ago
- PCAP Samples for Different Post Exploitation Techniques☆361Updated 4 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆206Updated 4 years ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆304Updated 3 years ago
- Test Blue Team detections without running any attack.☆272Updated last year
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆188Updated 4 years ago
- ☆276Updated 2 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆562Updated 3 years ago
- ☆302Updated 4 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆276Updated last year
- Detecting ATT&CK techniques & tactics for Linux☆258Updated 4 years ago
- Sigma rules from Joe Security☆214Updated 7 months ago
- ☆164Updated 4 years ago
- MITRE ATT&CK Windows Logging Cheat Sheets☆340Updated 6 years ago
- DFIRTrack - The Incident Response Tracking Application☆498Updated 9 months ago
- A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit☆234Updated 3 years ago
- Searches For Threat Hunting and Security Analytics☆241Updated 2 months ago
- Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…☆866Updated 4 years ago
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,156Updated last year
- IOC from articles, tweets for archives☆313Updated last year
- Repository of YARA rules made by Trellix ATR Team☆596Updated 2 months ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API☆369Updated 6 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.☆458Updated 6 months ago