Security-Experts-Community / open-xp-rules
Открытый репозиторий с правилами на языке eXtraction and Processing (XP)
☆20Updated 2 weeks ago
Related projects ⓘ
Alternatives and complementary repositories for open-xp-rules
- Enterprise Response Model & Common Knowledge☆36Updated 5 months ago
- реп полезностей для PT MaxPatrol SIEM☆25Updated last year
- Chrome extension for SOC automations☆33Updated 3 weeks ago
- Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques☆310Updated this week
- Extension for eXtraction and Processing (XP) language in Visual Studio Code☆40Updated last week
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆188Updated 4 months ago
- Search Index Database Reporter☆92Updated 2 weeks ago
- Documentation and scripts to properly enable Windows event logs.☆558Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆556Updated last week
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆681Updated this week
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor…☆204Updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters …☆146Updated this week
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆529Updated 2 months ago
- ☆506Updated last month
- A repository of my own Sigma detection rules.☆156Updated 2 months ago
- An opensource sigma conversion tool built using pysigma☆101Updated last week
- Rules generated from our investigations.☆189Updated 3 weeks ago
- Sigma rule specification☆111Updated 2 weeks ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆356Updated 2 months ago
- MP SIEM SDK☆23Updated 4 months ago
- Playbooks for SOC Analysts☆146Updated last year
- Open Source Platform for storing, organizing, and searching documents related to cyber threats☆157Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆644Updated this week
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆193Updated 4 years ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆144Updated this week
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆145Updated last month
- Splunk code (SPL) for serious threat hunters and detection engineers.☆266Updated 10 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆544Updated 3 weeks ago
- Collection of Jupyter Notebooks by @fr0gger_☆142Updated 2 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆588Updated 5 months ago