akapv / Sysmon_to_AdvancedHunting_KQL
☆10Updated 4 years ago
Alternatives and similar repositories for Sysmon_to_AdvancedHunting_KQL:
Users that are interested in Sysmon_to_AdvancedHunting_KQL are comparing it to the libraries listed below
- ☆21Updated 3 years ago
- Send High & New Incidents to The Hive incident management Platform☆18Updated 4 years ago
- ☆41Updated last year
- gundog - guided hunting in Microsoft Defender☆52Updated 3 years ago
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- OSSEM Modular☆27Updated 4 years ago
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Updated 3 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆15Updated 4 years ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆16Updated 2 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 4 years ago
- Threat Box Assessment Tool☆19Updated 3 years ago
- Windows Security Logging☆43Updated 2 years ago
- These are some of the commands which I use frequently during Malware Analysis and DFIR.☆24Updated last year
- Threat Mitigation Strategies☆25Updated last year
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆16Updated 3 months ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆26Updated 3 months ago
- Powershell / C# based cross platform forensic framework based for live incident response☆23Updated 4 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 5 years ago
- Windows stuff☆16Updated 5 years ago
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆29Updated 4 years ago
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Updated 2 years ago
- BloodHound Data Scanner☆44Updated 4 years ago
- Scans a list of raccoon servers from Tria.ge and extracts the config☆15Updated last year
- PowerShell Memory Pulling script☆19Updated 10 years ago
- ☆30Updated 6 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own.☆38Updated 2 years ago
- C# User Simulation☆32Updated 2 years ago
- Random tips and tricks RE: ransomware☆14Updated 3 years ago
- Vagrant Files to create a Virtualbox VM for Malware Analysis☆13Updated 3 years ago