cdefid / TheHiveIRPlaybook
TheHiveIRPlaybook is a collection of TheHive case templates used for Incident Response
☆12Updated 4 years ago
Related projects: ⓘ
- Repository for SPEED SIEM Use Case Framework☆52Updated 4 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆51Updated 3 years ago
- Recon Hunt Queries☆76Updated 3 years ago
- ☆27Updated this week
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆47Updated 2 months ago
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆51Updated 2 years ago
- Web app that provides basic navigation and annotation of ATT&CK matrices☆16Updated 3 years ago
- The Intelligent Process Lifecycle of Active Cyber Defenders☆31Updated last year
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- A MITRE ATT&CK Lookup Tool☆41Updated 4 months ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆15Updated last year
- Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk☆12Updated 5 years ago
- Threat Hunter's Knowledge Base☆21Updated 2 years ago
- A script to create and assign SOP tasks into the cases☆18Updated 4 years ago
- Sharing Threat Hunting runbooks☆24Updated 5 years ago
- Scripts for TheHive.☆22Updated 4 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆44Updated 2 years ago
- CSIRT Jump Bag☆26Updated 4 months ago
- Automatic detection engineering technical state compliance☆49Updated 2 months ago
- Open source training materials for law-enforcement and organisations interested in DFIR.☆55Updated 2 years ago
- DNS Dashboard for hunting and identifying beaconing☆14Updated 4 years ago
- Incident Response Report Using GitHub-Sphinx☆19Updated 4 years ago
- Collection of scripts provided for public use☆28Updated last month
- Expert Investigation Guides☆50Updated 3 years ago
- Cyber Threats Detection Rules☆13Updated last week
- Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.☆19Updated 2 years ago
- ☆76Updated 5 years ago
- ☆28Updated last year
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset☆33Updated 4 years ago