bluemountaincyber / building-detections-aws
☆15Updated last year
Alternatives and similar repositories for building-detections-aws:
Users that are interested in building-detections-aws are comparing it to the libraries listed below
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆69Updated 10 months ago
- ☆93Updated 2 years ago
- ☆13Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77Updated 10 months ago
- A preconfigured Velociraptor triage collector☆43Updated this week
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆53Updated last year
- Conference presentations☆47Updated last year
- ☆42Updated 2 years ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆110Updated 4 months ago
- Notes on responding to security breaches relating to Azure AD☆104Updated 3 years ago
- Cybersecurity Incident Response Plan☆89Updated 4 years ago
- ☆12Updated last year
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆52Updated last year
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆132Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆197Updated 6 months ago
- A POC to implement Detection-as-Code with Terraform and Sumo Logic.☆27Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆161Updated 3 weeks ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆118Updated last year
- A tool that allows you to document and assess any security automation in your SOC☆46Updated 4 months ago
- Security Scripts and Sources for daily usage.☆55Updated last week
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆86Updated last year
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆51Updated 2 years ago
- A collection of various SIEM rules relating to malware family groups.☆65Updated 9 months ago
- ☆41Updated 10 months ago
- Docker Crash Course: How to containerize your favorite security tools☆27Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆91Updated last year
- ☆42Updated 11 months ago
- Identify Azure blobs using a wordlist of account name and container name strings☆39Updated 2 weeks ago
- A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense☆85Updated last year
- Automating Security Detection Engineering, published by Packt☆53Updated 5 months ago