Neo23x0 / BlueTeam-Tools
Tools and Techniques for Blue Team / Incident Response
☆22Updated last year
Related projects: ⓘ
- Windows Malware Investigation Scripts & Docs☆74Updated 6 months ago
- Some important DFIR Resources☆81Updated last year
- A repository of my own Sigma detection rules.☆155Updated last week
- A repository to share publicly available Velociraptor detection content☆115Updated this week
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆176Updated 2 months ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor…☆189Updated 10 months ago
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆149Updated 3 weeks ago
- Config files for my GitHub profile.☆15Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE☆96Updated 5 months ago
- SentinelOne STAR Rules☆45Updated 10 months ago
- Search Index Database Reporter☆87Updated last year
- Harness the power of Splunk for your investigations☆66Updated last month
- This is the One Stop place where you can find almost all of your Tools of Requirements in DFIR☆73Updated 2 years ago
- The Threat Actor Profile Guide for CTI Analysts☆89Updated last year
- An opensource sigma conversion tool built using pysigma☆90Updated 2 weeks ago
- Tools for simulating threats☆170Updated 10 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆147Updated 4 months ago
- Repository of attack and defensive information for Business Email Compromise investigations☆216Updated 3 weeks ago
- A collection of various SIEM rules relating to malware family groups.☆60Updated 3 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 4 months ago
- MISP Playbooks☆167Updated last month
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆113Updated 9 months ago
- MISP to Sentinel integration☆57Updated last week
- CarbonBlack EDR detection rules and response actions☆70Updated last week
- ☆50Updated last year
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub☆62Updated last year
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆170Updated last week
- Intelligence Architecture Mind Map☆110Updated 6 months ago
- Resources To Learn And Understand SIGMA Rules☆163Updated last year