bruneaug / DShield-SIEM

Related projects ⓘ

Alternatives and complementary repositories for DShield-SIEM

• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆25Updated 3 weeks ago
• curated-intel / The-CTI-Research-Guide
  A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
  ☆44Updated last week
• joeavanzato / crackdown
  Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.
  ☆15Updated last year
• joeavanzato / velociraptor-timeline-creator
  VTC - Velociraptor Timeline Creator
  ☆15Updated 5 months ago
• securityjoes / Crowdstrike-Deploy
  The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆22Updated 2 months ago
• Retrospected / PurpleKeep
  Providing Azure pipelines to create an infrastructure and run Atomic tests.
  ☆50Updated last year
• zolderio / misp-to-sentinel
  Azure function to insert MISP data in to Azure Sentinel
  ☆30Updated 2 years ago
• magicsword-io / LOLBASline
  Baseline a Windows System against LOLBAS
  ☆24Updated 6 months ago
• alwashali / detection-validation
  Detection rule validation
  ☆41Updated last year
• mdecrevoisier / Windows-auditing-baseline
  Provides an advanced baseline to implement a secure Windows auditing strategy on Windows OS.
  ☆45Updated 10 months ago
• OMENScan / AChoirX
  ReWrite of AChoir in Go for Cross Platform
  ☆34Updated 3 weeks ago
• DCScoder / ESXiTri
  ESXi Cyber Security Incident Response Script
  ☆20Updated 2 months ago
• MHaggis / ShellSweep
  ShellSweeping the evil.
  ☆52Updated 4 months ago
• svch0stz / velociraptor-detections
  ☆19Updated last year
• CyberCX-DFIR / usnjrnl_rewind
  USN Journal full path builder
  ☆36Updated last month
• redcanaryco / ansible-atomic-red-team
  This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
  ☆24Updated 4 months ago
• khyrenz / parseusbs
  Parses USB connection artifacts from offline Registry hives
  ☆66Updated 3 weeks ago
• blueteam0ps / det-eng-samples
  This repository contains sample log data that were collected after running adversary simulations in Microsoft 365
  ☆20Updated last month
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆89Updated 4 months ago
• Neo23x0 / Talks
  Slides of my public talks
  ☆46Updated 10 months ago
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆66Updated last year
• clr2of8 / TellTail
  A tool to display Windows Event logs as they happen.
  ☆12Updated last year
• elementalsouls / DumpLSASS
  ☆34Updated 8 months ago
• DefensiveOrigins / DO-LAB
  ☆43Updated 3 weeks ago
• stvemillertime / RonnieColemanYARAParser
  An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.
  ☆21Updated last year
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆29Updated 3 weeks ago
• xg5-simon / MS-Graph-BlueTeam
  MS Graph Commands and Tools for Blue Teamers
  ☆48Updated 11 months ago
• tesorion / TCERT-Cumulonimbus-UAL_Extractor
  Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…
  ☆17Updated last year
• AndrewRathbun / SANSGoldPaperResearch_FOR500_Rathbun
  A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.
  ☆25Updated 2 years ago
• cyb3rmik3 / Hunting-Lists
  A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
  ☆34Updated 3 months ago