Open-source framework to detect outliers in Elasticsearch events
☆205 · May 22, 2023 · Updated 2 years ago
Alternatives and similar repositories for ee-outliers
Users who are interested in ee-outliers are comparing it to the repositories listed below.
- Actionable analytics designed to combat threats ☆1,005 · May 25, 2022 · Updated 3 years ago
- Threat Alert Logic Repository ☆93 · Feb 7, 2019 · Updated 7 years ago
- Elasticsearch/Kibana environment and log data for Sigma workshop ☆26 · Dec 20, 2019 · Updated 6 years ago
- Real-time, container-based file scanning at enterprise scale ☆975 · Feb 25, 2026 · Updated last week
- Automatic detection engineering technical state compliance ☆55 · Jul 7, 2024 · Updated last year
- Signature engine for all your logs ☆172 · Nov 13, 2023 · Updated 2 years ago
- Bro/Zeek integration with osquery ☆93 · Nov 2, 2020 · Updated 5 years ago
- An analytical framework for network traffic and behavioral analytics ☆456 · Dec 7, 2022 · Updated 3 years ago
- Open Source Security Events Metadata (OSSEM) ☆1,288 · Feb 27, 2023 · Updated 3 years ago
- A Linux Auditd rule set mapped to MITRE's ATT&CK Framework ☆822 · Jul 8, 2020 · Updated 5 years ago
- Re-play Security Events ☆1,725 · Mar 20, 2024 · Updated last year
- Test Blue Team detections without running any attack. ☆271 · May 2, 2024 · Updated last year
- Detect Tactics, Techniques & Combat Threats ☆2,264 · Jan 21, 2026 · Updated last month
- Mapping the MITRE ATT&CK Matrix with Osquery ☆806 · May 11, 2023 · Updated 2 years ago
- Security event correlation engine for ELK stack ☆447 · Jun 26, 2024 · Updated last year
- EventList ☆377 · Mar 21, 2021 · Updated 4 years ago
- A set of Zeek scripts to detect ATT&CK techniques. ☆620 · Jun 26, 2024 · Updated last year
- Investigate suspicious activity by visualizing Sysmon's event log ☆431 · Dec 22, 2023 · Updated 2 years ago
- A framework for developing alerting and detection strategies for incident response. ☆841 · Sep 8, 2025 · Updated 5 months ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings ☆122 · Jul 12, 2021 · Updated 4 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆2,515 · Jan 12, 2026 · Updated last month
- DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk. ☆573 · Dec 12, 2021 · Updated 4 years ago
- Windows Events Attack Samples ☆2,515 · Jan 24, 2023 · Updated 3 years ago
- An ELK environment containing interesting security datasets. ☆136 · May 11, 2020 · Updated 5 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets ☆142 · Oct 12, 2020 · Updated 5 years ago
- Searches for Threat Hunting and Security Analytics ☆238 · Mar 26, 2025 · Updated 11 months ago
- YARA malware query accelerator (web frontend) ☆437 · Feb 3, 2026 · Updated last month
- Your Everyday Threat Intelligence ☆1,954 · Feb 12, 2026 · Updated 3 weeks ago
- This is a repository for freq.py and freq_server.py ☆215 · Feb 1, 2026 · Updated last month
- An information security preparedness tool to do adversarial simulation. ☆1,139 · Apr 1, 2019 · Updated 6 years ago
- A repository for using osquery for incident detection and response ☆880 · Sep 8, 2025 · Updated 5 months ago
- DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det… ☆172 · May 23, 2023 · Updated 2 years ago
- This project is no longer maintained. There's a successor at https://github.com/zeek-packages/zeek-agent-v2 ☆14 · Oct 12, 2020 · Updated 5 years ago
- ☆137 · Mar 20, 2019 · Updated 6 years ago
- This program exports the MITRE ATT&CK framework as an ELK dashboard ☆80 · Dec 8, 2022 · Updated 3 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆785 · Feb 22, 2026 · Updated last week
- Open source training materials for law enforcement and organisations interested in DFIR. ☆63 · May 30, 2025 · Updated 9 months ago
- SANS Hunting on the Cheap ☆36 · Apr 12, 2016 · Updated 9 years ago
- Primary data pipelines for intrusion detection, security analytics and threat hunting ☆85 · Jan 9, 2022 · Updated 4 years ago