Mikoyan-Dee / CrowdStrike-Queries
CrowdStrike Falcon Queries For Advanced Threat Detection
☆12, updated 2 years ago
Related projects:
- CrowdStrike response script containing various functions for IR/triage (☆12, updated 3 years ago)
- Cybersecurity Incident Response Plan (☆86, updated 3 years ago)
- This repository contains Splunk queries to hunt some anomalies (☆38, updated 2 years ago)
- User Feedback Space of #MitreAssistant (☆37, updated last year)
- Cheat sheets for threat hunting, detection and other stuff (☆31, updated last year)
- Repository for the SPEED SIEM Use Case Framework (☆52, updated 4 years ago)
- Full of public notes and utilities (☆81, updated 3 weeks ago)
- Sigma detection rules for hunting with the threathunting-keywords project (☆47, updated 2 weeks ago)
- Random notes collected on the intertubes relating to DFIR (☆32, updated last year)
- A collection of various SIEM rules relating to malware family groups (☆60, updated 3 months ago)
- Incident Response Methodologies (IRM), also called Incident Playbooks, based on the work done by CERT Société Générale (☆23, updated 2 years ago)
- Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents (☆37, updated 4 months ago)
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts and subsequent compromise (☆55, updated 4 months ago)
- Cyber defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting (☆54, updated this week)
- A one-stop place where you can find several detection rules to kick-start your journey in SIEM and SOC work (☆36, updated 3 years ago)
- A dataset containing Office 365 Unified Audit Logs for security research and detection (☆41, updated 2 years ago)
- DigitalShadows Alert Feeder for TheHive, an open source and free Security Incident Response Platform (☆35, updated 5 years ago)
- MISP to Sentinel integration (☆57, updated last week)
- A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense (☆68, updated 9 months ago)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs (☆50, updated last year)
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid… (☆36, updated 2 years ago)
- Collects a listing of MITRE ATT&CK techniques, then discovers Splunk ESCU detections for each technique (☆64, updated 6 months ago)