blookot / rsa2elk
Converts Netwitness log parser configuration to Logstash configuration
☆20Updated 4 years ago
Alternatives and similar repositories for rsa2elk:
Users that are interested in rsa2elk are comparing it to the libraries listed below
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 3 years ago
- ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing☆53Updated 3 months ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- This repository contains a few examples of actions that can be added to rules within Elastic Security.☆22Updated last month
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Updated 3 years ago
- Pep up your Windows Event Collector (WEC) for Windows Event Forwarding (WEF)☆19Updated 3 years ago
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 3 years ago
- Osquery Packs we use for customer security hardening☆12Updated 5 months ago
- MineMeld nodes for MISP☆19Updated last year
- WebUI of MineMeld☆43Updated 2 years ago
- Ansible playbook for installing MineMeld on Linux☆48Updated 4 years ago
- Scripts used to create ISO installers of ROCK for offline installation.☆10Updated 2 years ago
- Read only mirror. To contribute or submit issues, please go to the website link --->☆13Updated last year
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Updated 5 years ago
- ☆37Updated 5 years ago
- Workflows for Shuffle☆21Updated 2 years ago
- An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.☆15Updated 3 years ago
- Zeek support for Community ID flow hashing.☆35Updated last year
- This TA takes Suricata5 data from your port mirrored Suricata server and makes it readable within Splunk. See Cheatsheets on how to setup…☆15Updated 4 years ago
- Expandable Defensive Cyber Operations Platform☆43Updated 2 years ago
- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common …☆27Updated 7 months ago
- A python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.☆20Updated 2 years ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 3 years ago
- Meraki MX Logstash configurations☆16Updated 2 years ago
- Porting Suricata to Bro signatures☆6Updated 5 years ago
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- Pre-configured environment that supports the development and running of OpenDXL solutions☆13Updated 3 years ago
- Elastic Beat for fetching and shipping Office 365 audit events☆66Updated 4 years ago
- Wazuh - Splunk App☆52Updated 6 months ago