center-for-threat-informed-defense / insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It establishes an Insider Threat TTP Knowledge Base built upon data collected on insider threat incidents, lessons learned, and experience from the ATT&CK knowledge base.
☆148, updated 5 months ago
Alternatives and similar repositories for insider-threat-ttp-kb
- ☆98, updated 3 years ago
- OSSEM Detection Model (☆182, updated 3 years ago)
- Dettectinator - The Python library to your DeTT&CT YAML files. (☆119, updated 8 months ago)
- Sublime rules for email attack detection, prevention, and threat hunting. (☆336, updated last week)
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques (☆141, updated last year)
- SIEGMA - Transform Sigma rules into SIEM consumables (☆157, updated 9 months ago)
- Creating a resource to help build and manage an Insider Threat program. (☆101, updated 10 months ago)
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t… (☆119, updated 6 months ago)
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… (☆50, updated 6 months ago)
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as… (☆242, updated last year)
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here … (☆72, updated last year)
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise (☆67, updated last year)
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… (☆402, updated last week)
- Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue… (☆85, updated last week)
- The Infosec Community Definitive Guide to Jupyter Notebooks (☆130, updated 5 years ago)
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … (☆132, updated last year)
- Resources To Learn And Understand SIGMA Rules (☆181, updated 2 years ago)
- Collection of Jupyter Notebooks by @fr0gger_ (☆188, updated last week)
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. (☆245, updated 8 months ago)
- Rules generated from our investigations. (☆203, updated 6 months ago)
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon (☆214, updated 5 years ago)
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. (☆114, updated last year)
- This content is analysis and research of the data sources currently listed in ATT&CK. (☆414, updated 2 years ago)
- Threat Hunting queries for various attacks (☆244, updated this week)
- Anvilogic Forge (☆113, updated 3 months ago)
- Threat Hunting & Incident Investigation with Osquery (☆215, updated 3 years ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆51, updated 7 months ago)
- Resources for SANS CTI Summit 2021 presentation (☆104, updated 2 years ago)
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. (☆167, updated 3 weeks ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆60, updated 3 years ago)