abdullahgarcia / kubernetes-for-soc
kubernetes-for-soc aims to fast-track the learning curve for SOC analysts by enabling them to swiftly grasp the essential concepts and knowledge necessary to perform their critical duties.
★ 54 · Updated last year
Alternatives and similar repositories for kubernetes-for-soc:
Users interested in kubernetes-for-soc are comparing it to the repositories listed below.
- ★ 71 · Updated 3 months ago
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ★ 30 · Updated 6 months ago
- 🧰 Multi Tool Kubernetes Pentest Image ★ 229 · Updated last week
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ★ 58 · Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ★ 82 · Updated 3 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ★ 139 · Updated 3 months ago
- ★ 176 · Updated 5 months ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ★ 147 · Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ★ 92 · Updated last year
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS ★ 39 · Updated 7 months ago
- Curating Falco rules with MITRE ATT&CK Matrix ★ 78 · Updated last year
- ★ 29 · Updated 5 months ago
- Generates runbooks for GuardDuty findings ★ 35 · Updated 10 months ago
- An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations. ★ 107 · Updated 6 months ago
- Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable. ★ 138 · Updated 3 weeks ago
- Convert CloudTrail data to MITRE ATT&CK Sightings ★ 79 · Updated 2 years ago
- Compares and analyzes GCP IAM roles. ★ 77 · Updated last month
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ★ 72 · Updated 11 months ago
- Automated testing, generation & manipulation of #osquery packs ★ 72 · Updated 6 months ago
- Generate datasets of cloud audit logs for common attacks ★ 213 · Updated 8 months ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… ★ 156 · Updated 2 months ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ★ 188 · Updated 6 months ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ★ 164 · Updated 6 months ago
- A guide to simplify the process of evaluating Datadog's Cloud SIEM security capabilities to detect AWS threats. ★ 19 · Updated last year
- ★ 42 · Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ★ 40 · Updated last year
- AWS honey token manager ★ 87 · Updated 8 months ago
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl… ★ 164 · Updated 11 months ago
- ★ 112 · Updated 3 months ago
- K8s API Honeypot with Active Defense Capabilities ★ 40 · Updated last year