cameling / logminer

Related projects: ⓘ

• Anonymity94 / spl2dsl
  Convert Splunk SPL to Elasticsearch DSL with pegjs
  ☆12Updated 2 years ago
• morrigan / user-behavior-anomaly-detector
  User anomaly detector based on logs generated by Osquery framework and machine learning to process those logs.
  ☆33Updated 7 years ago
• salspaugh / splparser
  Simple parser for Splunk Processing Language (SPL) written in Python.
  ☆35Updated 6 years ago
• chenryn / ESPL
  Elastic Search Processing Language
  ☆49Updated 7 years ago
• query-ai / queryai-kibana-plugin
  Query.AI plugin for Kibana
  ☆13Updated 4 years ago
• bez0r / BeaconBits
  Network timing evaluation used to detect beacons, works with argus flow as the source
  ☆18Updated 8 years ago
• apache / metron-bro-plugin-kafka
  Apache Metron
  ☆59Updated 3 years ago
• sshahriyar / totalads
  Total Anomaly Detection System for software logs and traces
  ☆9Updated 8 years ago
• kiwiz / esquery
  Elasticsearch querying library
  ☆20Updated 5 years ago
• myntra / cortex
  A fault-tolerant events/alerts correlation engine
  ☆25Updated 5 years ago
• osV22 / ATTACK-Force-Graph
  Generate JSON force-directed/ node graph data from MITRE's ATTACK framework and visualize it interactively
  ☆22Updated 3 years ago
• ssallys / p3
  An open source pcap packet and NetFlow file analysis tool using Hadoop MapReduce and Hive.
  ☆43Updated 11 years ago
• childe / dopey
  ES索引的维护脚本, 每天close delete reallocate optimize索引
  ☆23Updated 5 years ago
• corelight / got_zoom
  A Zeek package that detects Zoom logins and meeting joins
  ☆11Updated 4 years ago
• OpenSOC / opensoc-ui
  User interface for OpenSOC
  ☆100Updated 9 years ago
• Egida-Kassandra / kassandra
  Analysis of HTTP traffic and detection of anomalous user behavior in allowed actions. UEBA system.
  ☆20Updated last year
• dgunter / ParseZeekLogs
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Updated last year
• sethhall / domain-tld
  Zeek script library for getting the effective TLD of a domain.
  ☆13Updated 5 months ago
• brimdata / brimcap
  Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
  ☆74Updated this week
• ElasticSA / elsec_dr2an
  Script to create MITRE ATT&CK Navigator layers from the annotated detection rules in Elastic Security (Kibana).
  ☆20Updated last year
• opencybersecurityalliance / kestrel-analytics
  This repository hosts community contributed Kestrel analytics
  ☆14Updated 3 months ago
• OISF / suricata-intel-index
  Suricata rule and intel index
  ☆28Updated last month
• Cluster25 / detection
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆12Updated 7 months ago
• abzcoding / aptdetector
  Advanced Persistent Threat Detection Using Network Analysis
  ☆21Updated 5 years ago
• Kirtar22 / ATTACK-Threat_Intel
  Graph Representation of MITRE ATT&CK's CTI data
  ☆47Updated 4 years ago
• carolynduby / ApacheMetronWorkshop
  Apache Metron Workshop Lab materials and instructions.
  ☆35Updated 4 years ago
• skalogs / SkaETL
  Open Source ETL designed for and dedicated to Log processing and transformation
  ☆68Updated last year
• kotlaluk / spl-parser
  Parser for Splunk's Search Processing Language (SPL) syntax highlighting
  ☆16Updated 4 years ago
• mylamour / DGADomain
  dga classification with fasttext
  ☆12Updated 5 years ago
• corelight / zeek-quic
  Bro analyzer that detects Google's QUIC protocol
  ☆10Updated 3 years ago