Transform EQL detection rules to VQL artifacts
☆12Nov 12, 2021Updated 4 years ago
Alternatives and similar repositories for eql2vql
Users that are interested in eql2vql are comparing it to the libraries listed below
Sorting:
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- Kestrel Jupyter Notebook Kernel☆10Oct 19, 2023Updated 2 years ago
- Query.AI plugin for Kibana☆13Nov 10, 2019Updated 6 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- ☆13Apr 8, 2022Updated 3 years ago
- A lightweight C++/C AFF4 reader library☆14Feb 5, 2026Updated 3 weeks ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- ☆14Oct 24, 2024Updated last year
- A library implementing a generic SQL like query language.☆21Sep 15, 2025Updated 5 months ago
- Listing releases of the Elastic stack with new features and references☆19Feb 4, 2026Updated 3 weeks ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆18Apr 10, 2020Updated 5 years ago
- ☆22Jan 31, 2023Updated 3 years ago
- A python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.☆21May 19, 2022Updated 3 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- A script to create and assign SOP tasks into the cases☆20Aug 16, 2020Updated 5 years ago
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21Feb 11, 2026Updated 2 weeks ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch)☆19Jun 2, 2021Updated 4 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆22Apr 16, 2021Updated 4 years ago
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- An advanced parser for INDX records☆29Aug 7, 2019Updated 6 years ago
- ATT&CK Evaluations website (DEPRECATED)☆62Apr 30, 2021Updated 4 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆37Mar 13, 2016Updated 9 years ago
- A Windows Event Log MCP☆40Aug 25, 2025Updated 6 months ago
- ☆176Jun 25, 2024Updated last year
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆69Mar 17, 2024Updated last year
- VM setup for Malware RE labs☆28Apr 26, 2019Updated 6 years ago
- ☆128Feb 19, 2026Updated last week
- RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.☆72Oct 13, 2022Updated 3 years ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- Recon Hunt Queries☆79May 16, 2021Updated 4 years ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆37Nov 9, 2022Updated 3 years ago
- The "Let's-defend-solution" directory contains the answers to all paths of the Let's Defend platform that were saved by the creator 8 mon…☆12Apr 27, 2023Updated 2 years ago
- Recipes for GCHQ's CyberChef Web App☆39Nov 15, 2018Updated 7 years ago
- ☆33Oct 16, 2025Updated 4 months ago
- Python library for parsing AccessData AD1 images☆33Jun 1, 2023Updated 2 years ago
- Triaging Windows event logs based on SANS Poster☆47Nov 22, 2025Updated 3 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year