Permiso-io-tools / azure-activity-log-axe
Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format of the Azure Activity Log, in which a single operation is spread across several records (for example a Started record followed by a Succeeded or Failed one). The tool leverages the "Axe Key," a method created by Nathan Eades of the Permiso P0 Labs team. The Axe Key groups the transactional events of one operation more consistently than the built-in identifiers (such as correlationId) that the log already carries.
☆26 · Updated 5 months ago
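To make the grouping problem concrete, here is an added example that is not part of the azure-activity-log-axe project and does not implement the Axe Key (the page does not describe how that key is derived). It shows the baseline the description contrasts against: collapsing the transactional rows of the Activity Log into one summary per operation using the built-in correlationId. The field names (correlationId, operationName.value, status.value, eventTimestamp, caller, resourceId) are assumed to match the JSON that `az monitor activity-log list -o json` returns, and all records are constructed, not real tenant data. The example also flags a known weakness of correlationId as a key: the child resource operations of an ARM deployment share the deployment's correlationId, so a naive group-by lumps several distinct operations together.

```python
from collections import defaultdict

# Rank used to pick the terminal status of an operation regardless of row order.
STATUS_RANK = {"Started": 0, "Accepted": 1, "Succeeded": 2, "Failed": 2}


def rec(cid, ts, op, status, caller="alice@example.com", resource="/subscriptions/0000/rg/demo"):
    """Build one Activity Log record in the (assumed) az CLI JSON shape. Constructed data."""
    return {
        "correlationId": cid,
        "eventTimestamp": ts,
        "operationName": {"value": op},
        "status": {"value": status},
        "caller": caller,
        "resourceId": resource,
    }


# Constructed sample: an RBAC write, a failed VM start, and an ARM deployment
# whose child storage-account write shares the deployment's correlationId.
SAMPLE_EVENTS = [
    rec("c-1", "2024-05-01T10:00:00Z", "Microsoft.Authorization/roleAssignments/write", "Started"),
    rec("c-1", "2024-05-01T10:00:02Z", "Microsoft.Authorization/roleAssignments/write", "Succeeded"),
    rec("c-2", "2024-05-01T10:05:00Z", "Microsoft.Compute/virtualMachines/start/action", "Started"),
    rec("c-2", "2024-05-01T10:05:04Z", "Microsoft.Compute/virtualMachines/start/action", "Failed"),
    rec("c-3", "2024-05-01T10:10:00Z", "Microsoft.Resources/deployments/write", "Started"),
    rec("c-3", "2024-05-01T10:10:05Z", "Microsoft.Storage/storageAccounts/write", "Started"),
    rec("c-3", "2024-05-01T10:10:20Z", "Microsoft.Storage/storageAccounts/write", "Succeeded"),
    rec("c-3", "2024-05-01T10:10:22Z", "Microsoft.Resources/deployments/write", "Succeeded"),
]


def group_by_correlation(events):
    """Collapse transactional rows into one summary per correlationId.

    Returns a dict keyed by correlationId. 'mixed' is True when more than one
    operationName appears under the same key, i.e. the built-in id is grouping
    several operations (the deployment-plus-children case) into one.
    """
    groups = defaultdict(list)
    for ev in events:
        groups[ev["correlationId"]].append(ev)

    summaries = {}
    for cid, rows in groups.items():
        rows.sort(key=lambda r: r["eventTimestamp"])
        # Terminal status: highest-ranked status, ties broken by the latest timestamp.
        final = max(rows, key=lambda r: (STATUS_RANK.get(r["status"]["value"], -1), r["eventTimestamp"]))
        ops = sorted({r["operationName"]["value"] for r in rows})
        summaries[cid] = {
            "operations": ops,
            "mixed": len(ops) > 1,
            "caller": rows[0]["caller"],
            "resource": rows[0]["resourceId"],
            "started": rows[0]["eventTimestamp"],
            "ended": rows[-1]["eventTimestamp"],
            "status": final["status"]["value"],
            "records": len(rows),
        }
    return summaries


def mixed_keys(events):
    """correlationIds under which the baseline grouping merged distinct operations."""
    return sorted(cid for cid, s in group_by_correlation(events).items() if s["mixed"])


if __name__ == "__main__":
    for cid, s in group_by_correlation(SAMPLE_EVENTS).items():
        print(cid, s["status"], s["records"], "rows", "MIXED" if s["mixed"] else "", s["operations"])
```

Running the block collapses eight rows into three summaries; c-3 is reported as mixed, which is exactly the kind of inconsistency a grouping key that is built per operation rather than per correlation chain is meant to avoid.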
Alternatives and similar repositories for azure-activity-log-axe:
Users interested in azure-activity-log-axe are also comparing it to the repositories listed below.
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft ☆53 · Updated last month
- Open Threat-Informed Detection Engineering ☆37 · Updated last month
- ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v… ☆18 · Updated 2 months ago
- ☆37 · Updated 2 months ago
- Elastic version of SOC Prime watcher rules ☆29 · Updated 4 months ago
- Anvilogic Forge ☆93 · Updated this week
- Repository that contains a set of purposefully erroneous YARA rules. ☆49 · Updated last year
- Repository with supporting materials for Invictus Academy/Training ☆42 · Updated last month
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l… ☆19 · Updated 5 months ago
- The ultimate solution for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. ☆22 · Updated 5 months ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form ☆103 · Updated 2 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆35 · Updated this week
- ☆46 · Updated 3 weeks ago
- Rules shared by the community from 100 Days of YARA 2025 ☆29 · Updated 3 weeks ago
- ☆26 · Updated 3 months ago
- ☆44 · Updated last month
- Collection of different Azure/Entra focused solutions (deployable templates, Function Apps, etc.) ☆48 · Updated this week
- Hunting queries for Defender ATP ☆80 · Updated 3 months ago
- This repository contains the research and components of our research into using Sigma for AWS incident response. ☆27 · Updated last year
- ☆72 · Updated 4 months ago
- A PoC to simulate a ransomware attack on an AWS environment ☆30 · Updated 4 months ago
- Slides of my public talks ☆54 · Updated last year
- Tool for obfuscating and deobfuscating data. ☆67 · Updated 11 months ago
- Azure Function to insert MISP data into Azure Sentinel ☆31 · Updated 2 years ago
- Collection of Remote Management and Monitoring (RMM) tool artifacts, for assisting forensics and investigations ☆83 · Updated 6 months ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet ☆10 · Updated last year
- A cheatsheet containing AWS CloudTrail events that can be used for incident response or detection engineering. ☆67 · Updated 9 months ago
- A tool that allows you to document and assess any security automation in your SOC ☆45 · Updated 3 months ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… ☆39 · Updated 4 years ago
- Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're d… ☆20 · Updated this week