Alternatives and similar repositories for iocs

Users that are interested in iocs are comparing it to the libraries listed below

• Cyb3r-Monk / ACCD
  Active C&C Detector
  ☆156Updated 2 years ago
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆82Updated last month
• LivingInSyn / RMML
  A list of RMMs designed to be used in automation to build alerts
  ☆115Updated last week
• delivr-to / detections
  A home for detection content developed by the delivr.to team
  ☆73Updated 3 months ago
• Sam0x90 / CTI
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆83Updated last year
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆73Updated last year
• MHaggis / notes
  Full of public notes and Utilities
  ☆129Updated 9 months ago
• biffalo / easy-wins-endpoint-defense
  Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…
  ☆38Updated last year
• tsale / Sigma_rules
  Sigma rules to share with the community
  ☆122Updated 9 months ago
• mgreen27 / DetectRaptor
  A repository to share publicly available Velociraptor detection content
  ☆190Updated this week
• cgosec / Blauhaunt
  A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…
  ☆179Updated 5 months ago
• MHaggis / SDDLMaker
  The home of the SDDLMaker
  ☆27Updated 10 months ago
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆56Updated 8 months ago
• krdmnbrk / atomicgen.io
  A simple tool designed to create Atomic Red Team tests with ease.
  ☆48Updated 8 months ago
• magicsword-io / LOLBASline
  Baseline a Windows System against LOLBAS
  ☆69Updated last year
• Neo23x0 / Talks
  Slides of my public talks
  ☆56Updated last year
• tsale / Intrusion_data
  This repository is created to store the artifacts for any intrusions I share publicly.
  ☆26Updated 2 years ago
• tsale / EDR-Telemetry-Website
  ☆74Updated last week
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆99Updated 3 months ago
• herbiezimmerman / Windows-Event-Logs-With-Event-IDs
  A running list of Windows sources and the related event ids.
  ☆19Updated 2 years ago
• Bournemouth2600 / Detection-Engineering-Intro
  An introduction to detection engineering
  ☆13Updated 10 months ago
• MHaggis / ShellSweep
  ShellSweeping the evil.
  ☆53Updated last year
• cbecks2 / edr-artifacts
  This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
  ☆91Updated last year
• redcanaryco / ansible-atomic-red-team
  This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
  ☆27Updated last year
• curated-intel / The-CTI-Research-Guide
  A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
  ☆114Updated last year
• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆34Updated 4 months ago
• SecurityRiskAdvisors / indexes
  Threat Simulation Indexes
  ☆39Updated 6 months ago
• AttackIQ / SigmAIQ
  A pySigma wrapper and langchain toolkit for automatic rule creation/translation
  ☆86Updated 2 weeks ago
• thinkst / defending-off-the-land
  Assortment of scripts and tools for our Blackhat EU 2024 talk
  ☆100Updated 9 months ago
• splunk / PEAK
  Security Content for the PEAK Threat Hunting Framework
  ☆39Updated last year