activecm / smudge

Related projects: ⓘ

• activecm / espy
  Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
  ☆66Updated last year
• corelight / raspi-corelight
  Corelight@Home script
  ☆39Updated 11 months ago
• jasonsford / IPScraper
  This script provides a Python library with methods to authenticate to various sources of threat intelligence and query IPs for the latest…
  ☆18Updated 2 years ago
• corelight / threat-hunting-guide
  ☆43Updated 2 years ago
• cudeso / CSIRT-Jump-Bag
  CSIRT Jump Bag
  ☆26Updated 4 months ago
• activecm / pcap-stats
  Learn about a network from a pcap file or reading from an interface
  ☆26Updated 5 months ago
• activecm / zcutter
  Extracts fields from zeek logs, compatible with zeek-cut
  ☆19Updated 2 months ago
• splunk / attack-detections-collector
  Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
  ☆64Updated 6 months ago
• weslambert / securityonion-velociraptor
  Run Velociraptor on Security Onion
  ☆34Updated 2 years ago
• weslambert / securityonion-misp
  ☆34Updated 3 years ago
• TobySalusky / cont3xt
  Cont3xt intends to centralize and simplify a structured approach to gathering contextual intelligence in support of technical investigati…
  ☆36Updated 6 months ago
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing
  DNS Dashboard for hunting and identifying beaconing
  ☆14Updated 4 years ago
• dfir-dd / incident-response-playbooks
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆37Updated 4 months ago
• Acheron-VAF / Acheron
  Acheron is a RESTful vulnerability assessment and management framework built around search and dedicated to terminal extensibility.
  ☆30Updated last year
• nidem / forgedpillow
  A tool to modify timestamps in a packet capture to a user selected date
  ☆31Updated 3 years ago
• cudeso / misp-tip-of-the-week
  A collection of tips for using MISP.
  ☆74Updated 5 months ago
• zolderio / misp-to-sentinel
  Azure function to insert MISP data in to Azure Sentinel
  ☆30Updated last year
• alwashmi / MasterParser
  MasterParser is a simple, all-in-one, digital forensics artifact parser
  ☆23Updated 3 years ago
• rkovar / ransomwarelegality
  Can you pay the ransom in your country?
  ☆13Updated 9 months ago
• DomainTools / DomainCAT
  Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
  ☆43Updated 2 years ago
• pfpt-andrew / Rapid-Response-Reporting
  RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…
  ☆36Updated 2 years ago
• activecm / threat-hunting-labs
  Collection of walkthroughs on various threat hunting techniques
  ☆73Updated 4 years ago
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆41Updated 4 months ago
• fireeye / CVE-2021-44228
  OpenIOC rules to facilitate hunting for indicators of compromise
  ☆38Updated 2 years ago
• M3NIX / sigmaio
  simple webapp for converting sigma rules into siem queries using the pySigma library
  ☆47Updated last year
• packetsifter / packetsifterTool
  PacketSifter is a tool/script that is designed to aid analysts in sifting through a packet capture (pcap) to find noteworthy traffic. Pac…
  ☆93Updated 3 years ago
• artemis19 / riverside
  Network security visualization tool, showcasing live traffic between internal and external hosts in a real-time visualization.
  ☆23Updated last year
• humio / security_monitoring
  ☆40Updated last year
• tesorion / TCERT-Cumulonimbus-UAL_Extractor
  Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…
  ☆17Updated 10 months ago
• DefensiveOrigins / Training
  Defensive Origins Training Schedule
  ☆35Updated 9 months ago