bluemountaincyber / evidence-app
Serverless AWS application to upload and hash evidence files.
(☆19, updated last year)
Related projects:
- Use Terraform to Provision Your Own Cloud-Based Remote Browsing Workstation (☆24, updated 4 months ago)
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. (☆58, updated 4 months ago)
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique (☆64, updated 6 months ago)
- Conference presentations (☆45, updated 11 months ago)
- Jupyter notebooks (☆22, updated 4 years ago)
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab (☆64, updated 4 years ago)
- Automating Security Detection Engineering, published by Packt (☆42, updated 3 months ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆49, updated 2 years ago)
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. (☆122, updated last year)
- Repo to track SANS BlueTeam Summit Presentation (☆23, updated last year)
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. (☆21, updated last year)
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… (☆51, updated last year)
- Azure function to insert MISP data in to Azure Sentinel (☆30, updated last year)
- My Jupyter Notebooks (☆36, updated 5 months ago)
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents (☆37, updated 4 months ago)
- Configuration Management (CM) Security Playground. A small enterprise security lab to practice automation + CM tooling like Ansible, Che… (☆10, updated last month)
- Simple parser to get useful information from AWS S3 logs (☆24, updated 3 years ago)
- A tool that allows you to document and assess any security automation in your SOC (☆40, updated 4 months ago)
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp… (☆38, updated 5 months ago)
- Identify Azure blobs using a wordlist of account name and container name strings (☆31, updated 3 years ago)
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid… (☆36, updated 2 years ago)
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. (☆93, updated 6 months ago)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆75, updated 4 months ago)
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… (☆35, updated 3 years ago)