Office365 Log Analysis Framework
☆81Jun 6, 2019Updated 6 years ago
Alternatives and similar repositories for olaf
Users that are interested in olaf are comparing it to the libraries listed below
Sorting:
- Parser for Windows Scheduled Task files.☆13Apr 26, 2023Updated 2 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- A vulnerability assessment tool for system models☆13Oct 1, 2021Updated 4 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- Another MISP module for Python☆18Feb 17, 2020Updated 6 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated 2 months ago
- ☆262Jul 6, 2018Updated 7 years ago
- ATT&CK Remote Threat Hunting Incident Response☆206Dec 8, 2024Updated last year
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features…☆41Oct 20, 2020Updated 5 years ago
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- A package to create HTML MISP reports, including volume of trending events and attributes, evens received from key organisations and targ…☆11Aug 14, 2025Updated 6 months ago
- ☆309Aug 14, 2020Updated 5 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Mar 7, 2017Updated 8 years ago
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Set of utilities for getting information about Windows Events☆15Jun 5, 2018Updated 7 years ago
- ☆14May 30, 2018Updated 7 years ago
- Proof of concept incident response demo using SSM and AWS Fargate.☆14Dec 5, 2019Updated 6 years ago
- Carves and recreates VSS catalog and store from Windows disk image.☆99Jan 24, 2023Updated 3 years ago
- PowerShell module for Office 365 and Azure log collection☆279Sep 22, 2025Updated 5 months ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Dec 27, 2017Updated 8 years ago
- This module installs and configures MISP (Malware Information Sharing Platform)☆14Dec 29, 2025Updated 2 months ago
- Scripts and code referenced in CrowdStrike blog posts☆337Nov 13, 2019Updated 6 years ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆505Oct 21, 2022Updated 3 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…☆277Feb 2, 2021Updated 5 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Generates YARA rules to detect malware using API hashing☆17Mar 16, 2021Updated 4 years ago
- Various tools and scripts☆43Nov 30, 2022Updated 3 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆735Jun 5, 2025Updated 8 months ago
- Threat Feed Aggregation, Made Easy☆169Jul 13, 2020Updated 5 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- InvestigationPlaybookSpec☆71Sep 26, 2017Updated 8 years ago
- Repository for all cbapi example scripts☆16Sep 18, 2018Updated 7 years ago
- A set of Bash scripts that allows you to repeatably collect and compare baseline audit data from Linux and Windows systems☆20Oct 19, 2013Updated 12 years ago
- Parser for Windows PowerShell script block logs☆100Aug 4, 2024Updated last year
- Remote Memory Acquisition Tool☆253Sep 22, 2020Updated 5 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆267Feb 3, 2022Updated 4 years ago