akapv / Sysmon_to_AdvancedHunting_KQL
☆10Updated 4 years ago
Alternatives and similar repositories for Sysmon_to_AdvancedHunting_KQL:
Users that are interested in Sysmon_to_AdvancedHunting_KQL are comparing it to the libraries listed below
- Send High & New Incidents to The Hive incident management Platform☆18Updated 4 years ago
- ☆21Updated 3 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆15Updated 4 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 5 years ago
- Windows stuff☆16Updated 5 years ago
- OSSEM Modular☆27Updated 4 years ago
- Powershell / C# based cross platform forensic framework based for live incident response☆23Updated 4 years ago
- Threat Mitigation Strategies☆25Updated last year
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆29Updated 4 years ago
- These are some of the commands which I use frequently during Malware Analysis and DFIR.☆24Updated last year
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- ☆41Updated last year
- C# User Simulation☆32Updated 2 years ago
- Scripts to threat optics stack quickly / abbreviated and automated. Run after APT-Lab-Terraform☆13Updated 4 years ago
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Updated 3 years ago
- Manticore Adversary Emulation Cli☆48Updated 4 years ago
- IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources.☆34Updated 3 years ago
- gundog - guided hunting in Microsoft Defender☆52Updated 3 years ago
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆13Updated last year
- Scans a list of raccoon servers from Tria.ge and extracts the config☆15Updated last year
- Bunch of honey related items that spoof/decoy powersploit functions.☆18Updated 5 years ago
- ☆20Updated 4 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 4 years ago
- Windows Security Logging☆43Updated 2 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.☆12Updated 4 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆23Updated last year
- Searches open files shares for password files, database backups, etc. Extend as you see fit☆29Updated 5 years ago
- Continuous kerberoast monitor☆45Updated last year
- A collection of hunting and blue team scripts. Mostly others, some my own.☆38Updated 2 years ago