Yamato-Security / suzaku-rulesView external linksLinks
☆11Dec 9, 2025Updated 2 months ago
Alternatives and similar repositories for suzaku-rules
Users that are interested in suzaku-rules are comparing it to the libraries listed below
Sorting:
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.☆14May 22, 2024Updated last year
- Parser fo macOS/iOS FSEvents Logs☆43May 6, 2024Updated last year
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 3 months ago
- A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.☆33Jul 23, 2024Updated last year
- ☆30Jan 13, 2026Updated last month
- ETW forensic tool for Volatility3 plugin☆17Nov 15, 2024Updated last year
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆20Jul 1, 2023Updated 2 years ago
- ☆21Nov 19, 2025Updated 2 months ago
- Living off the False Positive!☆41Jan 31, 2025Updated last year
- A Rust library for parsing and evaluating Sigma rules☆19Nov 26, 2025Updated 2 months ago
- Enumerate Location Services using CoreLocation API on macOS☆18Dec 2, 2021Updated 4 years ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆23Oct 9, 2024Updated last year
- ☆15Jul 20, 2022Updated 3 years ago
- CocktailParty is a data broker system based on phoenix framework☆23Apr 23, 2025Updated 9 months ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆167Dec 7, 2025Updated 2 months ago
- Sample evtx files to use for testing hayabusa detection rules☆64Nov 5, 2025Updated 3 months ago
- A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.☆27Mar 20, 2025Updated 10 months ago
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl…☆173May 16, 2024Updated last year
- A dataset with CloudTrail events from an attack simulation using Stratus.☆24Jul 12, 2023Updated 2 years ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆31Jul 12, 2023Updated 2 years ago
- ☆34Aug 23, 2022Updated 3 years ago
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆67Jul 1, 2020Updated 5 years ago
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆80Jan 26, 2026Updated 3 weeks ago
- ☆25Feb 13, 2021Updated 5 years ago
- ☆73Oct 21, 2024Updated last year
- Turn any blog into structured threat intelligence.☆52Updated this week
- Cheat sheets for threat hunting, detection and other stuff.☆34Oct 7, 2022Updated 3 years ago
- AIL project training materials☆39Jul 17, 2025Updated 6 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆80Jan 6, 2026Updated last month
- Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.☆81Jan 8, 2026Updated last month
- An opensource sigma conversion tool built using pysigma☆158Feb 9, 2026Updated last week
- OpenCTI Add-On for Splunk☆13Jan 13, 2026Updated last month
- A companion Github repo for the book - Threat Hunting macOS by Jaron Bradley☆17Jul 26, 2025Updated 6 months ago
- Card Payments Simulation Tool For Indie Devs : Core Card Switch Engine, Fraud Engine, ATM/POS GUI Simulator , Admin Dash (Real-time MSG …☆19Jun 15, 2025Updated 8 months ago
- Proof of concept for an anti-phishing browser plugin, working by comparing pages screenshots with perceptual hashing algorithms.☆10Apr 3, 2022Updated 3 years ago
- ☆46Nov 7, 2024Updated last year
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆41Feb 2, 2026Updated 2 weeks ago
- This crate provides functions for working with IPv4 CIDRs and IPv6 CIDRs.☆33Dec 26, 2025Updated last month