cea-sec / openwec
An implementation of a Windows Event Collector server running on GNU/Linux.
☆70Updated this week
Alternatives and similar repositories for openwec:
Users that are interested in openwec are comparing it to the libraries listed below
- A pySigma wrapper to manage detection rules.☆37Updated last week
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates…☆63Updated 3 weeks ago
- pySigma Elasticsearch backend☆53Updated this week
- The core backend server handling API requests and task management☆38Updated 2 weeks ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆109Updated last year
- The Sigma command line interface based on pySigma☆151Updated last week
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- Anything Sysmon related from the MSTIC R&D team☆152Updated 10 months ago
- Powershell module for VMWare vSphere forensics☆150Updated 5 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation☆78Updated 2 weeks ago
- Convert Sigma rules to Wazuh rules☆64Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆103Updated 6 months ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)☆23Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆156Updated this week
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆57Updated this week
- Convert Sigma rules to SIEM queries, directly in your browser.☆74Updated this week
- LOKI2 - Simple IOC and YARA Scanner☆92Updated 8 months ago
- SOARCA - The Open Source CACAO-based Security Orchestrator!☆72Updated 2 weeks ago
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Forensic Artifact Collection Tool Matrix☆83Updated 5 months ago
- pySigma Splunk backend☆38Updated 2 months ago
- ☆36Updated 4 months ago
- Sample evtx files to use for testing hayabusa detection rules☆52Updated 5 months ago
- A collection of tips for using MISP.☆74Updated 4 months ago
- Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other se…☆88Updated 2 weeks ago
- Elastic Security Labs releases☆62Updated 3 weeks ago
- ☆83Updated last month
- Initial triage of Windows Event logs☆97Updated 10 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- An opensource sigma conversion tool built using pysigma☆124Updated 4 months ago