☆88Mar 7, 2025Updated 11 months ago
Alternatives and similar repositories for OSQuery
Users that are interested in OSQuery are comparing it to the libraries listed below
Sorting:
- Cisco Orbital - Osquery queries by Talos☆137Aug 23, 2024Updated last year
- Osquery Packs we use for customer security hardening☆12Jun 30, 2025Updated 8 months ago
- This hosts all queries created on the LD&R Forum☆13Feb 18, 2025Updated last year
- Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug☆11Jun 20, 2020Updated 5 years ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- LILO based Pulse Secure appliance disk image decryptor☆13Mar 20, 2024Updated last year
- Cyber Threats Detection Rules☆14Sep 16, 2025Updated 5 months ago
- Yara rules written by me, for free use.☆20Nov 26, 2021Updated 4 years ago
- Sophos-originated indicators-of-compromise from published reports☆653Jan 16, 2026Updated last month
- Parses the WMI object database....looking for persistence☆34Dec 12, 2019Updated 6 years ago
- Mapping the MITRE ATT&CK Matrix with Osquery☆806May 11, 2023Updated 2 years ago
- Leverage Sophos Central API☆31Sep 29, 2023Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆196Updated this week
- ☆66May 13, 2022Updated 3 years ago
- Production-ready detection & response queries for osquery☆600Aug 13, 2025Updated 6 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- osquery extensions by Trail of Bits☆269Apr 12, 2023Updated 2 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆413Nov 8, 2025Updated 3 months ago
- Automated testing, generation & manipulation of #osquery packs☆74Oct 16, 2024Updated last year
- Windows Event Forwarding for Active Directory Security Logs☆29Jun 28, 2016Updated 9 years ago
- Recon Hunt Queries☆79May 16, 2021Updated 4 years ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- Postman collection to work with Sophos Central APIs☆26Jan 8, 2026Updated last month
- Guardicore osqueries collection for asset information, TH and compliance.☆16Dec 22, 2021Updated 4 years ago
- Automated Real-Time Threat Hunting with ATD, Active Response and Elasticsearch/Kibana☆10Aug 17, 2018Updated 7 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Jul 21, 2020Updated 5 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆290Jan 15, 2024Updated 2 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆45Aug 17, 2020Updated 5 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- ALPHA/WIP for OSquery configuration for Mac and Linux Operating Systems☆16Jan 9, 2018Updated 8 years ago
- osquery query packs☆14Aug 31, 2018Updated 7 years ago
- Hunting Malicious Macros SANS Threathunting Summit 2021 Materials☆39Oct 9, 2021Updated 4 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 8 months ago
- Powershell collection designed to assist in Threat Hunting Windows systems.☆27Apr 13, 2018Updated 7 years ago
- ☆30May 1, 2025Updated 10 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆12Jul 1, 2021Updated 4 years ago
- Effort to list and aggregate known malicious Google Chrome Extension IDs☆61Nov 26, 2022Updated 3 years ago