blackhillsinfosec / EventLogging

Related projects ⓘ

Alternatives and complementary repositories for EventLogging

• invictus-ir / Microsoft-Extractor-Suite
  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
  ☆472Updated last week
• Cyb3r-Monk / Threat-Hunting-and-Detection
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆635Updated last week
• FalconForceTeam / FalconFriday
  Hunting queries and detections
  ☆725Updated last month
• scythe-io / purple-team-exercise-framework
  Purple Team Exercise Framework
  ☆603Updated 10 months ago
• iknowjason / PurpleCloud
  A little tool to play with Azure Identity - Azure Active Directory lab creation tool
  ☆523Updated 3 weeks ago
• stuhli / awesome-event-ids
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆584Updated 4 months ago
• Yamato-Security / EnableWindowsLogSettings
  Documentation and scripts to properly enable Windows event logs.
  ☆553Updated last year
• PwC-IR / Business-Email-Compromise-Guide
  The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…
  ☆245Updated 3 years ago
• DefensiveOrigins / AtomicPurpleTeam
  Atomic Purple Team Framework and Lifecycle
  ☆282Updated 3 years ago
• vectra-ai-research / MAAD-AF
  MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
  ☆358Updated last month
• mdecrevoisier / EVTX-to-MITRE-Attack
  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
  ☆520Updated 2 months ago
• PlumHound / PlumHound
  Bloodhound Reporting for Blue and Purple Teams
  ☆1,119Updated last month
• Bert-JanP / Incident-Response-Powershell
  PowerShell Digital Forensics & Incident Response Scripts.
  ☆512Updated last month
• pe3zx / crowdstrike-falcon-queries
  A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon
  ☆191Updated 4 years ago
• cyb3rmik3 / MDE-DFIR-Resources
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆354Updated last month
• alexverboon / MDATP
  MDATP
  ☆455Updated 3 months ago
• Neo23x0 / sysmon-config
  Sysmon configuration file template with default high-quality event tracing
  ☆454Updated 9 months ago
• BloodHoundAD / AzureHound
  Azure Data Exporter for BloodHound
  ☆558Updated last month
• darkquasar / AzureHunter
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆770Updated 2 years ago
• christophetd / Adaz
  Deploy customizable Active Directory labs in Azure - automatically.
  ☆409Updated 10 months ago
• AndrewRathbun / DFIRMindMaps
  A repository of DFIR-related Mind Maps geared towards the visual learners!
  ☆515Updated 2 years ago
• ANSSI-FR / DFIR-O365RC
  PowerShell module for Office 365 and Azure log collection
  ☆248Updated last week
• mdecrevoisier / SIGMA-detection-rules
  Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
  ☆306Updated 5 months ago
• AzureAD / Azure-AD-Incident-Response-PowerShell-Module
  The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…
  ☆419Updated last year
• BloodHoundAD / BARK
  BloodHound Attack Research Kit
  ☆492Updated last month
• eshlomo1 / Microsoft-Sentinel-SecOps
  Microsoft Sentinel SOC Operations
  ☆240Updated 3 months ago
• redcanaryco / AtomicTestHarnesses
  Public Repo for Atomic Test Harness
  ☆251Updated 4 months ago
• activecm / threat-tools
  Tools for simulating threats
  ☆174Updated last year