cea-sec / openwec
An implementation of a Windows Event Collector server running on GNU/Linux.
☆51 · Updated this week
Related projects
Alternatives and complementary repositories for openwec
- A pySigma wrapper to manage detection rules. ☆27 · Updated this week
- The core backend server handling API requests and task management ☆31 · Updated this week
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert ☆37 · Updated 2 years ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au… ☆63 · Updated last month
- A collection of tips for using MISP. ☆74 · Updated 7 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆66 · Updated this week
- Anything Sysmon related from the MSTIC R&D team ☆146 · Updated 5 months ago
- Configurations for DFIR ORC ☆24 · Updated 7 months ago
- pySigma Splunk backend ☆34 · Updated 7 months ago
- Cisco Orbital - Osquery queries by Talos ☆122 · Updated 2 months ago
- Load MISP events into memcached for log enrichment using logstash ☆12 · Updated 4 years ago
- Red Canary's eBPF Sensor ☆101 · Updated 4 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆68 · Updated 11 months ago
- Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other se… ☆83 · Updated 3 weeks ago
- The Sigma command line interface based on pySigma ☆134 · Updated 3 months ago
- Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies ☆25 · Updated 7 months ago
- Osquery Resources ☆59 · Updated 5 years ago
- Forensic Artifact Collection Tool Matrix ☆73 · Updated 2 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆30 · Updated 4 years ago
- A repository of Sysmon For Linux configuration modules ☆15 · Updated 3 years ago
- Automatic detection engineering technical state compliance ☆50 · Updated 4 months ago
- Open source endpoint agent providing host information to Zeek. [v2] ☆65 · Updated 2 weeks ago
- A Linux Auditd rule set mapped to MITRE's Attack Framework ☆89 · Updated last year
- Pushes Sysmon Configs ☆89 · Updated 3 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch. ☆80 · Updated 4 months ago
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset ☆33 · Updated 4 years ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity ☆88 · Updated 2 years ago
- A repository to share publicly available Velociraptor detection content ☆119 · Updated this week