Transform EQL detection rules to VQL artifacts
☆12Nov 12, 2021Updated 4 years ago
Alternatives and similar repositories for eql2vql
Users that are interested in eql2vql are comparing it to the libraries listed below
Sorting:
- ☆14Feb 8, 2020Updated 6 years ago
- A library implementing a generic SQL like query language.☆21Updated this week
- Ansible playbook to convert Sigma rules to ElastAlert rules☆10Feb 5, 2021Updated 5 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆22Apr 16, 2021Updated 4 years ago
- Query.AI plugin for Kibana☆13Nov 10, 2019Updated 6 years ago
- ☆14Oct 24, 2024Updated last year
- Kestrel Jupyter Notebook Kernel☆10Oct 19, 2023Updated 2 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- ☆13Apr 8, 2022Updated 3 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆18Apr 10, 2020Updated 5 years ago
- My collection of scripts for Ghidra (https://github.com/NationalSecurityAgency/ghidra)☆10Sep 13, 2020Updated 5 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- A lightweight C++/C AFF4 reader library☆14Feb 5, 2026Updated last month
- LSL scripts for land vehicles, compatible with Opensim and Second Life☆15Updated this week
- A script to create and assign SOP tasks into the cases☆20Aug 16, 2020Updated 5 years ago
- Security Onion + Automation + Response Lab including n8n and Velociraptor☆114Sep 14, 2022Updated 3 years ago
- An experimental Velociraptor implementation using cloud infrastructure☆26Dec 2, 2025Updated 3 months ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- Listing releases of the Elastic stack with new features and references☆19Feb 4, 2026Updated last month
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch)☆19Jun 2, 2021Updated 4 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- ☆129Feb 19, 2026Updated last month
- llolbas is a repo containing a localized and off-line version of the ever popular Living Off the Land Binaries and Scripts (LOLBAS) proje…☆11May 1, 2023Updated 2 years ago
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21Feb 11, 2026Updated last month
- Tutorials and materials for planning a HybSeq project, processing sequences, and conducting phylogenomic analyses.☆16May 19, 2017Updated 8 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆45Aug 17, 2020Updated 5 years ago
- UITextView with the look of a Notebook☆41Oct 21, 2018Updated 7 years ago
- A python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.☆21May 19, 2022Updated 3 years ago
- ☆176Jun 25, 2024Updated last year
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- An advanced parser for INDX records☆29Aug 7, 2019Updated 6 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆69Mar 17, 2024Updated 2 years ago
- Imphash-like calculation on Golang binaries☆49Jul 2, 2022Updated 3 years ago
- Just enough of a fictional programming language to show how to write a compiler☆25May 19, 2012Updated 13 years ago
- ☆152Jun 5, 2024Updated last year
- ☆49Jun 29, 2024Updated last year