MHaggis / CBR-QueriesView external linksLinks
Collection of useful, up to date, Carbon Black Response Queries
☆84Oct 23, 2020Updated 5 years ago
Alternatives and similar repositories for CBR-Queries
Users that are interested in CBR-Queries are comparing it to the libraries listed below
Sorting:
- Quick script to build host or investigation timelines using Carbon Black Response☆12Sep 25, 2018Updated 7 years ago
- ☆115Jan 31, 2024Updated 2 years ago
- Carbon Black Response IR tool☆55Dec 10, 2020Updated 5 years ago
- Queries for Carbon Black Response☆11Feb 11, 2020Updated 6 years ago
- Carbon Black API - Python language bindings☆145Aug 22, 2024Updated last year
- A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit☆240Jul 22, 2021Updated 4 years ago
- Command line interface to Carbon Black Response☆38May 12, 2020Updated 5 years ago
- ☆39Jun 28, 2019Updated 6 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆168Dec 10, 2018Updated 7 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Nov 27, 2020Updated 5 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆72Feb 13, 2025Updated last year
- event shipper for Carbon Black Defense notifications☆10Feb 25, 2023Updated 2 years ago
- Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.☆20May 25, 2022Updated 3 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆86Jun 23, 2025Updated 7 months ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 9 months ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- Community Sharing Repository for Carbon Black and Bit9 Platforms☆27Apr 4, 2022Updated 3 years ago
- ☆308Aug 14, 2020Updated 5 years ago
- A PowerShell script to parse the docx/docm file format and update the template location.☆17Oct 15, 2019Updated 6 years ago
- Cyber Threats Detection Rules☆14Sep 16, 2025Updated 5 months ago
- Mitre Att&ck Technique Emulation☆82Mar 6, 2019Updated 6 years ago
- ☆11Feb 9, 2023Updated 3 years ago
- Sample queries for Advanced hunting in Microsoft 365 Defender☆2,048Feb 17, 2022Updated 3 years ago
- Analyze binaries collected in VMware Carbon Black EDR against Yara rules.☆38Jan 17, 2023Updated 3 years ago
- Library of threat hunts to get any user started!☆48Sep 4, 2020Updated 5 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆117Nov 28, 2023Updated 2 years ago
- Collection of scripts for use with Carbon Black Cb Response API☆14May 7, 2022Updated 3 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- VMware Carbon Black Cloud Python SDK☆44Jun 27, 2025Updated 7 months ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- Malware similarity platform with modularity in mind.☆80Jul 18, 2021Updated 4 years ago
- Python Forensic and Log Analysis GUI☆27Dec 22, 2014Updated 11 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆116Jan 26, 2022Updated 4 years ago
- ☆18Jun 8, 2018Updated 7 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago