A Compiler from Sigma rules to VQL
☆19May 18, 2026Updated last week
Alternatives and similar repositories for velociraptor-sigma-rules
Users that are interested in velociraptor-sigma-rules are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Publicly shareable windows event log message data☆29Nov 29, 2019Updated 6 years ago
- Continuous Threat Exposure Management Maturity Model (CTEMMM)☆32Feb 6, 2026Updated 3 months ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆22Apr 16, 2021Updated 5 years ago
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆80Jan 6, 2026Updated 4 months ago
- Visualize Microsoft Defender XDR process trees and security events☆33Aug 24, 2025Updated 9 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Scapy hands-on at #GreHack17☆17Nov 14, 2017Updated 8 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Oct 20, 2023Updated 2 years ago
- A companion Github repo for the book - Threat Hunting macOS by Jaron Bradley☆21Jul 26, 2025Updated 10 months ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆28Aug 6, 2025Updated 9 months ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆254Nov 1, 2024Updated last year
- A collection of my yara rules☆34Jul 11, 2023Updated 2 years ago
- This repository contains various threat hunting tools written in Python and is documented in the series Python Threat Hunting Tools which…☆19Nov 16, 2023Updated 2 years ago
- Documentation site for Velociraptor☆71Updated this week
- Python client for DFIR-IRIS☆26Aug 19, 2024Updated last year
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21May 5, 2026Updated 3 weeks ago
- Personal Storage Table implementation in Go/Golang☆37Updated this week
- Sysmon configuration file templates with advanced event tracing and blocking☆57May 8, 2026Updated 2 weeks ago
- A specification and style guide for YARA rules☆73Feb 17, 2024Updated 2 years ago
- Collection of scripts provided for public use☆43Updated this week
- YARA rule analyzer to improve rule quality and performance☆114Jan 18, 2026Updated 4 months ago
- ☆44Jul 11, 2025Updated 10 months ago
- Standalone Go implementation of Metasploit's "db_nmap" and "db_import" commands.☆19Nov 6, 2024Updated last year
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆37Feb 2, 2022Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- service to convert nfcapd files clickhouse as they are created☆10Mar 22, 2025Updated last year
- A repository to share publicly available Velociraptor detection content☆203Updated this week
- Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external d…☆159Updated this week
- Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compro…☆10Mar 2, 2018Updated 8 years ago
- Block ads and malicious domains with response policy zones☆12Jun 10, 2020Updated 5 years ago
- Fork of Microsoft's fork of OpenOCD - this one being with Tamarin support and pre-built binaries.☆17May 24, 2025Updated last year
- Fully Randomized Pointers☆19Jun 10, 2025Updated 11 months ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- Netwitness Maltego integration Project☆18May 9, 2017Updated 9 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Function ID for Malware Analysis☆13Jul 6, 2020Updated 5 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.☆13Sep 9, 2020Updated 5 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12May 11, 2026Updated 2 weeks ago
- My collection of scripts for Ghidra (https://github.com/NationalSecurityAgency/ghidra)☆10Sep 13, 2020Updated 5 years ago
- Pure Python netflow and DNS correlation, with reusable Frame Streams, DnsTap and Protobuf implementations☆17Aug 30, 2025Updated 8 months ago
- An API connector for the Office 365 Management API and the Elastic Stack☆19Aug 9, 2018Updated 7 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago