Permiso-io-tools / azure-activity-log-axe
Azure Activity Log Axe is a continually developed tool that simplifies the transactional log format Microsoft provides for Azure Activity Log. The tool leverages the "Axe Key," a method created by Nathan Eades of the Permiso P0 Labs team. The Axe Key provides a more consistent grouping of the transactional events that make up a single operation than the built-in identifiers do.
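To show the problem the tool addresses, the added example below (not code from azure-activity-log-axe, and not an implementation of the Axe Key) folds Azure Activity Log records into one row per operation. Field names follow the Activity Log REST/portal schema (`eventDataId`, `correlationId`, `operationName`, `status`, `eventTimestamp`, `resourceId`, `caller`); the records are constructed, and the composite `transaction_key` is an assumption made for illustration. The naive `group_by_correlation_id` shows why the built-in ID alone is coarse: one `correlationId` can carry several distinct operations.

```python
"""Collapse Azure Activity Log records into one row per operation.

Added illustration for this page; it is not code from azure-activity-log-axe
and does not implement the Axe Key. Field names follow the Activity Log
REST/portal schema (eventDataId, correlationId, operationName, status,
eventTimestamp, resourceId, caller); all records below are constructed.
"""
from collections import defaultdict

# Constructed sample: correlationId "c1" carries two different operations
# against two resources, each logged as a Started record plus a Succeeded
# record. "c2" is a single operation that failed.
SAMPLE_RECORDS = [
    {"eventDataId": "e1", "correlationId": "c1",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "status": "Started", "eventTimestamp": "2024-05-01T10:00:00Z",
     "resourceId": "/subscriptions/s1/providers/Microsoft.Authorization/roleAssignments/ra1",
     "caller": "alice@example.com"},
    {"eventDataId": "e2", "correlationId": "c1",
     "operationName": "Microsoft.KeyVault/vaults/secrets/read",
     "status": "Started", "eventTimestamp": "2024-05-01T10:00:01Z",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/kv1",
     "caller": "alice@example.com"},
    {"eventDataId": "e3", "correlationId": "c1",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "status": "Succeeded", "eventTimestamp": "2024-05-01T10:00:02Z",
     "resourceId": "/subscriptions/s1/providers/Microsoft.Authorization/roleAssignments/ra1",
     "caller": "alice@example.com"},
    {"eventDataId": "e4", "correlationId": "c1",
     "operationName": "Microsoft.KeyVault/vaults/secrets/read",
     "status": "Succeeded", "eventTimestamp": "2024-05-01T10:00:03Z",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/kv1",
     "caller": "alice@example.com"},
    {"eventDataId": "e5", "correlationId": "c2",
     "operationName": "Microsoft.Compute/virtualMachines/delete",
     "status": "Started", "eventTimestamp": "2024-05-01T10:05:00Z",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
     "caller": "bob@example.com"},
    {"eventDataId": "e6", "correlationId": "c2",
     "operationName": "Microsoft.Compute/virtualMachines/delete",
     "status": "Failed", "eventTimestamp": "2024-05-01T10:05:04Z",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
     "caller": "bob@example.com"},
]


def group_by_correlation_id(records):
    """Group on the built-in correlationId alone: every record sharing the
    ID lands in one bucket, even when it belongs to a different operation."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["correlationId"]].append(rec["eventDataId"])
    return dict(groups)


def transaction_key(rec):
    """Composite key assumed for this illustration (not the Axe Key):
    the correlationId plus the operation and the resource it targeted."""
    return (rec["correlationId"], rec["operationName"], rec["resourceId"])


def collapse_transactions(records):
    """Fold Started/Succeeded/Failed records into one row per operation,
    keeping the time span, outcome, caller and contributing eventDataIds."""
    txns = {}
    for rec in sorted(records, key=lambda r: r["eventTimestamp"]):
        key = transaction_key(rec)
        txn = txns.setdefault(key, {
            "correlationId": rec["correlationId"],
            "operationName": rec["operationName"],
            "resourceId": rec["resourceId"],
            "caller": rec["caller"],
            "started": None,
            "finished": None,
            "result": None,
            "eventDataIds": [],
        })
        txn["eventDataIds"].append(rec["eventDataId"])
        if rec["status"] == "Started":
            txn["started"] = rec["eventTimestamp"]
        else:
            # Terminal record: Succeeded or Failed carries the outcome.
            txn["finished"] = rec["eventTimestamp"]
            txn["result"] = rec["status"]
    return list(txns.values())


if __name__ == "__main__":
    print("by correlationId:", group_by_correlation_id(SAMPLE_RECORDS))
    for txn in collapse_transactions(SAMPLE_RECORDS):
        print(txn["result"], txn["operationName"], txn["eventDataIds"])
```

Grouping on `correlationId` alone puts the role assignment write and the Key Vault secret read into one bucket of four events; the composite key separates them into two completed operations and leaves the failed VM delete as a third, which is the kind of per-operation view an analyst actually wants to triage.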
Alternatives and similar repositories for azure-activity-log-axe:
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft
- Anvilogic Forge
- ASR Configurator, Essentials and Atomic Testing
- Repository with supporting materials for Invictus Academy/Training
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l…
- Azure function to insert MISP data into Azure Sentinel
- Repository that contains a set of purposefully erroneous YARA rules
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form
- Rules shared by the community from 100 Days of YARA 2025
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
- The ultimate solution for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform
- Elastic version of SOC Prime watcher rules
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…
- ADXFlowmaster helps SecOps teams threat hunt suspicious network traffic inside and outside of Azure
- ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v…
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas
- This repository contains the research and components of our research into using Sigma for AWS Incident Response
- Hunting Queries for Defender ATP
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
- Azure AD Identity Protection Cookie Spoofing
- TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes co…