brianreitz / awesome-blueteam
A list of resources to build a information security team.
☆13Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for awesome-blueteam
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…☆45Updated 7 months ago
- A collection of various SIEM rules relating to malware family groups.☆62Updated 5 months ago
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 3 months ago
- ☆49Updated last year
- This repo is where I store my Threat Hunting ideas/content☆85Updated last year
- ☆43Updated last month
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated 3 weeks ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 6 months ago
- Conference presentations☆47Updated last year
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆79Updated 3 months ago
- Security Scripts and Sources for daily usage.☆49Updated 3 weeks ago
- ☆70Updated last month
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting☆57Updated 3 weeks ago
- User Feedback Space of #MitreAssistant☆37Updated last year
- Full of public notes and Utilities☆87Updated last week
- Collection of PowerShell functinos and scripts a Blue Teamer might use☆83Updated last year
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆64Updated 2 years ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆39Updated 2 weeks ago
- Hunting Queries for Defender ATP☆73Updated last week
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 6 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆148Updated 6 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆76Updated last week
- This is the One Stop place where you can several Detection Rules which can help you to kick start your journey on SIEM, SOC work.☆36Updated 3 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆86Updated 3 years ago
- ☆52Updated last year
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆48Updated 2 years ago
- CarbonBlack EDR detection rules and response actions☆71Updated 2 months ago
- A tool to display Windows Event logs as they happen.☆12Updated last year
- This repository contains Splunk queries to hunt some anomalies☆38Updated 2 years ago