Truesec / CSIRT

Related projects ⓘ

Alternatives and complementary repositories for CSIRT

• humio / security_monitoring
  ☆40Updated last year
• jangeisbauer / gundog
  gundog - guided hunting in Microsoft Defender
  ☆52Updated 3 years ago
• secgroundzero / KQL_Reference_Manual
  ☆40Updated 3 years ago
• DefensiveOrigins / DO-LAB
  ☆43Updated 3 weeks ago
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆70Updated 3 weeks ago
• Bert-JanP / Domain-Response
  Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…
  ☆44Updated 7 months ago
• reprise99 / 4688-sysmon
  ☆48Updated last year
• olafhartong / MDE-AuditCheck
  MDE relies on some of the Audit settings to be enabled
  ☆97Updated 2 years ago
• swisscom / Invoke-Forensics
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆109Updated 11 months ago
• gmellini / Microsoft-Defender-Security-Center-Hunting-Queries
  Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…
  ☆36Updated 3 years ago
• biffalo / easy-wins-endpoint-defense
  Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…
  ☆38Updated 7 months ago
• cudeso / misp-tip-of-the-week
  A collection of tips for using MISP.
  ☆74Updated 7 months ago
• reversinglabs / reversinglabs-siem-rules
  A collection of various SIEM rules relating to malware family groups.
  ☆61Updated 4 months ago
• mikoiv / MicrosoftSentinel-ShodanMonitor
  Ingesting Shodan Monitor Alerts to Microsoft Sentinel
  ☆33Updated last year
• petebryan / blue_team_con
  ☆17Updated 2 years ago
• hackjalstead / IRCP
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆64Updated 2 years ago
• dwmetz / QuickPcap
  A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
  ☆40Updated 2 years ago
• pfpt-andrew / Rapid-Response-Reporting
  RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…
  ☆36Updated 2 years ago
• Kaidja / EntraID
  Automation around Entra ID
  ☆34Updated 4 months ago
• mandiant / citrix-ioc-scanner-cve-2023-3519
  ☆65Updated last year
• zolderio / misp-to-sentinel
  Azure function to insert MISP data in to Azure Sentinel
  ☆30Updated 2 years ago
• cylaris / awesomekql
  Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
  ☆51Updated last year
• mr-r3b00t / KQL
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆10Updated last year
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆47Updated last week
• Bert-JanP / SecScripts
  Security Scripts and Sources for daily usage.
  ☆47Updated last week
• mdecrevoisier / Windows-auditing-baseline
  Provides an advanced baseline to implement a secure Windows auditing strategy on Windows OS.
  ☆45Updated 10 months ago
• correlatedsecurity / SPEED-SIEM-Use-Case-Framework
  Repository for SPEED SIEM Use Case Framework
  ☆52Updated 4 years ago
• Bert-JanP / Sentinel-Automation
  Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
  ☆75Updated 2 months ago
• le0li9ht / Microsoft-Sentinel-Queries
  KQL queries for cyber defense and for solving daily issues
  ☆43Updated last month
• Neo23x0 / Talks
  Slides of my public talks
  ☆46Updated 11 months ago