cea-sec / openwec
An implementation of a Windows Event Collector server running on GNU/Linux.
☆70Updated last week
Alternatives and similar repositories for openwec:
Users that are interested in openwec are comparing it to the libraries listed below
- A pySigma wrapper to manage detection rules.☆37Updated 3 weeks ago
- The core backend server handling API requests and task management☆38Updated 2 weeks ago
- A repository to share publicly available Velociraptor detection content☆139Updated this week
- pySigma Elasticsearch backend☆50Updated this week
- Venture: Cross-Platform GUI tool for parsing and analyzing Windows event logs☆81Updated 2 months ago
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆54Updated this week
- Powershell module for VMWare vSphere forensics☆150Updated 4 months ago
- Anything Sysmon related from the MSTIC R&D team☆151Updated 9 months ago
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- Pushes Sysmon Configs☆88Updated 3 years ago
- Kerberos Haters Guide to Zeek Threat Hunting☆25Updated 3 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated last week
- LOKI2 - Simple IOC and YARA Scanner☆88Updated 8 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates…☆60Updated this week
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation☆78Updated last week
- Alternative YARA scanning engine☆70Updated 2 years ago
- gmsad manages Active Directory group Managed Service Account (gMSA) on Linux☆28Updated 3 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆101Updated 5 months ago
- ☆33Updated 5 months ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆36Updated 2 years ago
- ☆81Updated 3 weeks ago
- Convert Sigma rules to SIEM queries, directly in your browser.☆65Updated this week
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.☆146Updated last month
- SIEGMA - Transform Sigma rules into SIEM consumables☆149Updated 2 weeks ago
- Forensic Artifact Collection Tool Matrix☆83Updated 4 months ago
- Load MISP events into memcached for log enrichment using logstash☆12Updated 4 years ago
- ☆36Updated 3 months ago
- Validates Sigma rules using the JSON schema☆16Updated last year
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆108Updated last year