center-for-threat-informed-defense / insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
☆145 · Updated this week
Alternatives and similar repositories for insider-threat-ttp-kb
Users that are interested in insider-threat-ttp-kb are comparing it to the libraries listed below
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆114 · Updated 3 months ago
- (no description) ☆95 · Updated 2 years ago
- Creating a resource to help build and manage an Insider Threat program. ☆70 · Updated 5 months ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques ☆135 · Updated last year
- OSSEM Detection Model ☆176 · Updated 2 years ago
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here … ☆71 · Updated last year
- An Excel-centric approach for the MITRE ATT&CK® Tactics and Techniques ☆186 · Updated 3 years ago
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… ☆50 · Updated 3 weeks ago
- Sublime rules for email attack detection, prevention, and threat hunting. ☆313 · Updated this week
- This is a collection of threat detection rules / rules engines that I have come across. ☆290 · Updated last year
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆64 · Updated last year
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t… ☆119 · Updated last month
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as… ☆239 · Updated last year
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon ☆206 · Updated 5 years ago
- Rules generated from our investigations. ☆196 · Updated 3 weeks ago
- Sigma rules from Joe Security ☆217 · Updated 8 months ago
- Resources To Learn And Understand SIGMA Rules ☆178 · Updated 2 years ago
- The Infosec Community Definitive Guide to Jupyter Notebooks ☆122 · Updated 4 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables ☆151 · Updated 4 months ago
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… ☆364 · Updated this week
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor… ☆260 · Updated 3 months ago
- A repository of my own Sigma detection rules. ☆159 · Updated 10 months ago
- Threat Hunting queries for various attacks ☆237 · Updated this week
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense… ☆72 · Updated 4 years ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆282 · Updated last year
- An open-source Sigma conversion tool built using pySigma ☆131 · Updated 3 weeks ago
- Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translatin… ☆126 · Updated 3 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆46 · Updated 2 months ago
- This content is analysis and research of the data sources currently listed in ATT&CK. ☆412 · Updated last year
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … ☆128 · Updated 11 months ago