Threat hunting with Sysmon and ArangoDB Graphs
☆12Apr 16, 2020Updated 5 years ago
Alternatives and similar repositories for sysmon-arangodb
Users that are interested in sysmon-arangodb are comparing it to the libraries listed below
Sorting:
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated 2 months ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆22Mar 5, 2024Updated last year
- Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.☆19Mar 13, 2022Updated 3 years ago
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports.☆29Apr 10, 2024Updated last year
- A map of the botnet attacking our server☆14Aug 24, 2017Updated 8 years ago
- Docker Crash Course: How to containerize your favorite security tools☆28Jun 20, 2023Updated 2 years ago
- ☆32Feb 3, 2026Updated 3 weeks ago
- A document tagging library☆33Mar 27, 2025Updated 11 months ago
- Privescker - make life easier by dumping all your common Windows enum, privesc and post exploitation scripts and tools on to the box in o…☆45Apr 4, 2022Updated 3 years ago
- Triaging Windows event logs based on SANS Poster☆47Nov 22, 2025Updated 3 months ago
- OpenCTI Add-On for Splunk☆13Jan 13, 2026Updated last month
- Payload designed for targeting Jamf enrolled devices.☆39May 19, 2023Updated 2 years ago
- Get or remove RunMRU values☆61Dec 11, 2019Updated 6 years ago
- Vendont is a Venmo transaction finder/scraper. It uses Venmo's own public API system to fetch all transactions at a given time.☆10Jun 16, 2019Updated 6 years ago
- DeTT&CT Editor☆12Jan 21, 2026Updated last month
- Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')☆11May 16, 2017Updated 8 years ago
- ☆10Dec 5, 2023Updated 2 years ago
- Minimal C port of UTF8-CPP☆12Jun 2, 2019Updated 6 years ago
- Import Mitre Att&ck into Neo4j database☆39Dec 8, 2022Updated 3 years ago
- A clone of FD (File & Directory tool) by T.Shirai☆16Jan 29, 2014Updated 12 years ago
- ☆12Dec 14, 2016Updated 9 years ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- 这是一个网络安全知识图谱开源平台,为网络安全的智能化、体系化开阔新方向,对行业发展贡献绵薄之力。☆47Apr 7, 2023Updated 2 years ago
- resources, links for OCR & greek☆10Mar 8, 2021Updated 4 years ago
- A utility to force query DNS over DoH off of CloudFlare API when DNS block is in place☆10Aug 26, 2018Updated 7 years ago
- Library and tools to access the GUID Partition Table (GPT) volume system format☆11Dec 20, 2025Updated 2 months ago
- 🍎 Rust bindings for the slang shader compiler library 🦀☆11Nov 17, 2024Updated last year
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- Tools and dumps related to the Smishing Triad and the USPS smishing campaign from late 2023 into 2024☆11Apr 28, 2024Updated last year
- Daily updated malware indicator lists from TR-CERT (USOM), including parsed malicious URLs, IPs, and domains.☆15Updated this week
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Dual-kawase blur filter for GameMaker Studio 2☆11Feb 20, 2024Updated 2 years ago
- ☆12Aug 27, 2025Updated 6 months ago
- CoreFoundation Property List support for Go☆28Nov 7, 2017Updated 8 years ago
- Help deobfuscate VBScript☆18Jul 1, 2022Updated 3 years ago
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, …☆17Oct 8, 2016Updated 9 years ago
- Post-Exploitation methods inside any extension, Presented @DEFCON29: "Extension-Land exploits and rootkits in your browser extensions".☆11Nov 29, 2021Updated 4 years ago