PaloAltoNetworks / cortex-xql-queries
Repository for Cortex XDR and Cortex XSIAM XQL queries and more!
☆22 · Updated 5 months ago
Related projects
Alternatives and complementary repositories for cortex-xql-queries
- ☆70 · Updated 3 weeks ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… ☆38 · Updated 4 years ago
- A collection of various SIEM rules relating to malware family groups. ☆61 · Updated 4 months ago
- Hunting Queries for Defender ATP ☆72 · Updated last week
- Cybersecurity Incident Response Plan ☆87 · Updated 4 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆85 · Updated 3 years ago
- Cyber Defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting ☆57 · Updated 2 weeks ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆84 · Updated last year
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents ☆38 · Updated 6 months ago
- The Infosec Community Definitive Guide to Jupyter Notebooks ☆115 · Updated 4 years ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆51 · Updated last year
- ☆58 · Updated 2 years ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆48 · Updated 2 years ago
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆44 · Updated last month
- Full of public notes and Utilities ☆82 · Updated 2 months ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE… ☆81 · Updated last month
- MISP to Sentinel integration ☆58 · Updated last week
- ☆43 · Updated 3 weeks ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆63 · Updated last year
- ☆41 · Updated 2 years ago
- Incident Response Report Using GitHub-Sphinx ☆19 · Updated 5 years ago
- Provides detection capabilities and log conversion to evtx or syslog ☆52 · Updated 2 years ago
- Cheat sheets for threat hunting, detection and other stuff. ☆32 · Updated 2 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆75 · Updated 2 weeks ago
- This repository contains Splunk queries to hunt some anomalies ☆38 · Updated 2 years ago
- Import CrowdStrike Threat Intelligence into your instance of MISP ☆41 · Updated 3 weeks ago
- Convert Sigma rules to LogRhythm searches ☆19 · Updated 2 years ago
- The ultimate solution for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. ☆22 · Updated 2 months ago