bluemountaincyber / building-detections-aws
☆15Updated last year
Alternatives and similar repositories for building-detections-aws:
Users that are interested in building-detections-aws are comparing it to the libraries listed below
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆67Updated 9 months ago
- ☆13Updated last year
- ☆93Updated 2 years ago
- ☆42Updated 2 years ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆109Updated 3 months ago
- Conference presentations☆47Updated last year
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆52Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆156Updated this week
- Docker Crash Course: How to containerize your favorite security tools☆27Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆76Updated 9 months ago
- A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense☆84Updated last year
- Cybersecurity Incident Response Plan☆88Updated 4 years ago
- Creating a resource to help build and manage an Insider Threat program.☆64Updated 3 weeks ago
- Automating Security Detection Engineering, published by Packt☆54Updated 4 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆91Updated last year
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆193Updated 5 months ago
- Notes on responding to security breaches relating to Azure AD☆100Updated 2 years ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆52Updated last year
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆116Updated last year
- Reflex SOAR☆12Updated 2 years ago
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab☆68Updated 4 years ago
- Identify Azure blobs using a wordlist of account name and container name strings☆36Updated 4 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆51Updated 2 years ago
- Practical Threat Detection Engineering, Published by Packt☆65Updated last year
- ☆12Updated last year
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆128Updated 2 years ago
- SPL cheatsheet for Splunk.☆20Updated 2 years ago
- Some important DFIR Resources☆83Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆86Updated last year
- Serverless AWS application to upload and hash evidence files.☆21Updated 2 years ago