The-DFIR-Report / Suricata-Rules
☆11 · Jun 12, 2023 · Updated 2 years ago
Alternatives and similar repositories for Suricata-Rules
Users interested in Suricata-Rules are comparing it to the repositories listed below.
- Rules generated from our investigations. ☆204 · Jun 17, 2025 · Updated 7 months ago
- Here are some tools I developed to help analyze malware. ☆11 · Nov 8, 2023 · Updated 2 years ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- Small scripts and POCs related to digital forensics ☆18 · Nov 1, 2022 · Updated 3 years ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV ☆18 · Sep 3, 2024 · Updated last year
- VTC - Velociraptor Timeline Creator ☆19 · May 15, 2024 · Updated last year
- Python script for parsing ESET (NOD32) virlog.dat file. ☆14 · Sep 28, 2017 · Updated 8 years ago
- User Feedback Space of #MitreAssistant ☆38 · May 19, 2023 · Updated 2 years ago
- Regexplore is a Volatility plugin designed to mimic the functionality of the Registry Explorer plugins in EZsuite ☆18 · Mar 31, 2023 · Updated 2 years ago
- High-level Threat Intelligence playbooks ☆20 · Mar 6, 2021 · Updated 4 years ago
- A generic security incident response playbook investigating and responding to potential compromises of Okta's internal systems, in the co… ☆20 · Mar 24, 2022 · Updated 3 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11. ☆27 · Jul 27, 2022 · Updated 3 years ago
- Manage Your Large Team of Consultants ☆11 · Sep 18, 2025 · Updated 4 months ago
- urlyzer is a URL parsing analysis tool. ☆24 · Jul 27, 2024 · Updated last year
- This is a threat intelligence automatic crawling tool that also contains some high-value threat intelligence. ☆21 · Jun 2, 2021 · Updated 4 years ago
- Volatility plugins developed and maintained by the community ☆21 · Sep 18, 2024 · Updated last year
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis ☆28 · Aug 6, 2025 · Updated 6 months ago
- A script to assist in processing forensic RAM captures for malware triage ☆26 · Feb 4, 2021 · Updated 5 years ago
- Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports. ☆29 · Apr 10, 2024 · Updated last year
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com… ☆180 · May 27, 2025 · Updated 8 months ago
- Veil-PowerView is a PowerShell tool to gain network situational awareness on Windows domains. ☆63 · Mar 19, 2015 · Updated 10 years ago
- This is a repo for fetching AppLocker event logs by parsing the Windows event log ☆31 · Aug 6, 2022 · Updated 3 years ago
- A collection of various SIEM rules relating to malware family groups. ☆70 · Jun 18, 2024 · Updated last year
- Extract forensically interesting information from Chrome, Firefox and Safari browsers ... ☆27 · May 11, 2019 · Updated 6 years ago
- InvestigationPlaybookSpec ☆71 · Sep 26, 2017 · Updated 8 years ago
- Offensive Research Guide to Help Defense Improve Detection ☆32 · Jan 27, 2023 · Updated 3 years ago
- One Day of Python for SaintCon 2022 ☆11 · Jan 3, 2023 · Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- God Mode Detection Rules ☆135 · Aug 8, 2024 · Updated last year
- STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling ☆33 · Dec 9, 2024 · Updated last year
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆86 · Dec 17, 2025 · Updated last month
- Mitre ATT&CK and Suricata Rules Automation with AI & LLM ☆14 · Sep 28, 2024 · Updated last year