brexhq/substation external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

brexhq/substation

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/brexhq/substation)

Close

brexhq / substationView on GitHubMore

• External links
• Readme badge

Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.

☆400Jan 20, 2026Updated 4 months ago

Alternatives and similar repositories for substation

Users that are interested in substation are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339May 7, 2026Updated 3 weeks ago
• jshlbrd / detection-engineering-pocket-guide

  View on GitHub
  pocket guide for core detection engineering concepts
  ☆31May 8, 2023Updated 3 years ago
• matanolabs / matano

  View on GitHub
  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  ☆1,672Jan 8, 2025Updated last year
• hashicorp-forge / grove

  View on GitHub
  A Software as a Service (SaaS) log collection framework.
  ☆187Apr 13, 2026Updated last month
• 0x4D31 / detection-and-response-pipeline

  View on GitHub
  ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …
  ☆293Feb 5, 2024Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• shellcromancer / audit-log-wall-of-shame

  View on GitHub
  Audit log wall of shame.
  ☆42Aug 20, 2025Updated 9 months ago
• Permiso-io-tools / LogLicker

  View on GitHub
  Tool for obfuscating and deobfuscating data.
  ☆78Mar 20, 2024Updated 2 years ago
• infosecB / Rulehound

  View on GitHub
  An index of publicly available and open-source threat detection rulesets.
  ☆136Apr 17, 2025Updated last year
• FoxIO-LLC / LogSlash

  View on GitHub
  A standard for reducing log volume without sacrificing analytical capability
  ☆216Feb 21, 2025Updated last year
• aws-samples / data-perimeter-helper

  View on GitHub
  Data perimeter helper is a tool that helps you design and anticipate the impact of your data perimeter controls
  ☆18Jan 21, 2026Updated 4 months ago
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,326May 21, 2026Updated last week
• aquia-inc / scpkit

  View on GitHub
  SCP management tool
  ☆136Oct 23, 2023Updated 2 years ago
• runreveal / sigmalite

  View on GitHub
  ☆57Dec 13, 2025Updated 5 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• zmallen / cloudtrail2sightings

  View on GitHub
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆82Jul 25, 2022Updated 3 years ago
• chainguard-dev / osquery-defense-kit

  View on GitHub
  Production-ready detection & response queries for osquery
  ☆606Apr 22, 2026Updated last month
• ocsf / ocsf-schema

  View on GitHub
  OCSF Schema
  ☆827May 20, 2026Updated last week
• crashappsec / github-analyzer

  View on GitHub
  A tool to check the security settings of Github Organizations.
  ☆75Feb 9, 2026Updated 3 months ago
• Algbra-Labs-OSS / Chronicle

  View on GitHub
  ☆66May 21, 2024Updated 2 years ago
• palantir / alerting-detection-strategy-framework

  View on GitHub
  A framework for developing alerting and detection strategies for incident response.
  ☆875Sep 8, 2025Updated 8 months ago
• tuckner / automation-capability-matrix

  View on GitHub
  A tool that allows you to document and assess any security automation in your SOC
  ☆50Oct 31, 2024Updated last year
• DataDog / grimoire

  View on GitHub
  Generate datasets of cloud audit logs for common attacks
  ☆238May 7, 2026Updated 3 weeks ago
• Permiso-io-tools / cloudtail

  View on GitHub
  ☆30Jan 13, 2026Updated 4 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• jatrost / awesome-kubernetes-threat-detection

  View on GitHub
  A curated list of resources about detecting threats and defending Kubernetes systems.
  ☆407Sep 2, 2023Updated 2 years ago
• jshlbrd / threat-hunting-pocket-guide

  View on GitHub
  pocket guide for core threat hunting concepts
  ☆23May 6, 2020Updated 6 years ago
• infosecB / awesome-detection-engineering

  View on GitHub
  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…
  ☆1,201May 16, 2026Updated 2 weeks ago
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆300May 5, 2024Updated 2 years ago
• PaloAltoNetworks / IAM-Deescalate

  View on GitHub
  IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
  ☆98Sep 14, 2022Updated 3 years ago
• panther-labs / panther-analysis

  View on GitHub
  Built-in Panther detection rules and policies
  ☆452May 22, 2026Updated last week
• target / strelka

  View on GitHub
  Real-time, container-based file scanning at enterprise scale
  ☆987May 23, 2026Updated last week
• blackstork-io / fabric

  View on GitHub
  An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as…
  ☆71Jul 6, 2025Updated 10 months ago
• tenzir / tenzir

  View on GitHub
  Tenzir is the data pipeline engine for security teams.
  ☆739Updated this week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• fwdcloudsec / known_aws_accounts

  View on GitHub
  List of known AWS accounts
  ☆260Apr 2, 2026Updated last month
• infosecB / LOOBins

  View on GitHub
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…
  ☆539Apr 30, 2026Updated last month
• facebookincubator / TTPForge

  View on GitHub
  The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
  ☆421Updated this week
• aquia-inc / aws-guardduty-runbook-generator

  View on GitHub
  Generates runbooks for GuardDuty findings
  ☆38Jun 24, 2024Updated last year
• sublime-security / sublime-rules

  View on GitHub
  Sublime rules for email attack detection, prevention, and threat hunting.
  ☆361May 21, 2026Updated last week
• primeharbor / aws-fast-fixes

  View on GitHub
  Scripts to quickly fix security and compliance issues
  ☆28Mar 10, 2026Updated 2 months ago
• 0xtibs / Threat_Intel

  View on GitHub
  Automating simple report creating of threat intelligence using ChatGPT and Greynoise API.
  ☆10Oct 3, 2023Updated 2 years ago