center-for-threat-informed-defense / insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
☆143 · Updated 8 months ago
Alternatives and similar repositories for insider-threat-ttp-kb:
Users that are interested in insider-threat-ttp-kb are comparing it to the libraries listed below
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆111 · Updated 3 weeks ago
- OSSEM Detection Model ☆178 · Updated 2 years ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques ☆132 · Updated last year
- SIEGMA - Transform Sigma rules into SIEM consumables ☆149 · Updated last month
- Creating a resource to help build and manage an Insider Threat program. ☆67 · Updated 3 months ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon ☆201 · Updated 4 years ago
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center's Mappings Explorer project. See README below. This repository is kept here as… ☆235 · Updated last year
- Rules generated from our investigations. ☆194 · Updated last month
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense… ☆71 · Updated 3 years ago
- Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translatin… ☆126 · Updated last month
- An Excel-centric approach for the MITRE ATT&CK® Tactics and Techniques ☆184 · Updated 3 years ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆276 · Updated last year
- An open-source Sigma conversion tool built using pySigma ☆124 · Updated 4 months ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆63 · Updated last year
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … ☆126 · Updated 9 months ago
- Sigma rules from Joe Security ☆209 · Updated 6 months ago
- Resources to Learn and Understand SIGMA Rules ☆174 · Updated 2 years ago
- This content is analysis and research of the data sources currently listed in ATT&CK. ☆409 · Updated last year
- A repository of my own Sigma detection rules. ☆158 · Updated 7 months ago
- Detection Ideas & Rules repository. ☆179 · Updated 3 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers. ☆276 · Updated last year
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques ☆357 · Updated 3 months ago
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… ☆352 · Updated last week
- MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository ☆114 · Updated 2 years ago
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… ☆49 · Updated last month
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆211 · Updated last month
- Intel Retrieval Augmented Generation (RAG) Utilities ☆91 · Updated last year
- The Infosec Community Definitive Guide to Jupyter Notebooks ☆121 · Updated 4 years ago