Office365 Log Analysis Framework
☆81Jun 6, 2019Updated 6 years ago
Alternatives and similar repositories for olaf
Users that are interested in olaf are comparing it to the libraries listed below
Sorting:
- Parser for Windows Scheduled Task files.☆13Apr 26, 2023Updated 2 years ago
- ☆262Jul 6, 2018Updated 7 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆79Jan 9, 2024Updated 2 years ago
- Parser for Windows PowerShell script block logs☆100Aug 4, 2024Updated last year
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features…☆41Oct 20, 2020Updated 5 years ago
- PowerShell module for Office 365 and Azure log collection☆280Sep 22, 2025Updated 6 months ago
- Another MISP module for Python☆18Feb 17, 2020Updated 6 years ago
- Modified edition of cuckoo☆18Feb 14, 2018Updated 8 years ago
- Set of utilities for getting information about Windows Events☆15Jun 5, 2018Updated 7 years ago
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- Microsoft Office365 Protection Center Audit Log Parser☆27Jul 17, 2023Updated 2 years ago
- ☆310Aug 14, 2020Updated 5 years ago
- ☆33Nov 21, 2024Updated last year
- ATT&CK Remote Threat Hunting Incident Response☆206Dec 8, 2024Updated last year
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…☆279Feb 2, 2021Updated 5 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆267Feb 3, 2022Updated 4 years ago
- Proof of concept incident response demo using SSM and AWS Fargate.☆14Dec 5, 2019Updated 6 years ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆506Oct 21, 2022Updated 3 years ago
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Scripts and code referenced in CrowdStrike blog posts☆339Nov 13, 2019Updated 6 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆160Mar 27, 2023Updated 2 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API☆23Mar 5, 2016Updated 10 years ago
- Slides and material from my conference presentations☆16Mar 30, 2024Updated last year
- ☆14May 30, 2018Updated 7 years ago
- Carves and recreates VSS catalog and store from Windows disk image.☆100Jan 24, 2023Updated 3 years ago
- Forensic Scanner☆41Nov 29, 2012Updated 13 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Mar 7, 2017Updated 9 years ago
- Remote Memory Acquisition Tool☆253Sep 22, 2020Updated 5 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆737Jun 5, 2025Updated 9 months ago
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated 2 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- ☆93Jul 30, 2025Updated 7 months ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Dec 27, 2017Updated 8 years ago
- PowerShell script for hunting webshells on Microsoft Exchange Servers.☆56Feb 1, 2017Updated 9 years ago
- This module installs and configures MISP (Malware Information Sharing Platform)☆14Mar 6, 2026Updated 2 weeks ago