The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
☆152Jul 9, 2025Updated 9 months ago
Alternatives and similar repositories for insider-threat-ttp-kb
Users that are interested in insider-threat-ttp-kb are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Creating a resource to help build and manage an Insider Threat program.☆101Jan 30, 2025Updated last year
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t…☆123May 28, 2025Updated 10 months ago
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…☆727Nov 14, 2025Updated 5 months ago
- Incident Response Report Using GitHub-Sphinx☆21Oct 28, 2019Updated 6 years ago
- TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT…☆557May 6, 2025Updated 11 months ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- ☆18Sep 13, 2021Updated 4 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆103Mar 21, 2026Updated 3 weeks ago
- A dataset of phishing kits in the wild☆15Jun 1, 2024Updated last year
- Detect Tactics, Techniques & Combat Threats☆2,280Jan 21, 2026Updated 2 months ago
- CASCADE Server☆274Dec 8, 2022Updated 3 years ago
- 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept…☆496Apr 3, 2024Updated 2 years ago
- Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE…☆38May 28, 2025Updated 10 months ago
- Repo for Automations and other solutions for Elastic SIEM/Security.☆18Jun 15, 2021Updated 4 years ago
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…☆82Mar 19, 2026Updated last month
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A web API for various cyber threat intelligence frameworks, including MITRE ATT&CK, CWE, ATLAS...☆19Apr 9, 2026Updated last week
- Splunk Security Content☆1,609Updated this week
- Built-in Panther detection rules and policies☆445Updated this week
- 🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is k…☆387Apr 3, 2024Updated 2 years ago
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…☆415Updated this week
- This use case aims to leverage stream reasoning techniques and the concept of semantic importance to detect one attacking type of the ins…☆23Jan 9, 2017Updated 9 years ago
- Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses.☆31Nov 6, 2023Updated 2 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆47Jan 2, 2022Updated 4 years ago
- YARA, SIGMA, SNORT Rules based on Malware Analysis☆17Apr 23, 2025Updated 11 months ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.☆2,092May 28, 2025Updated 10 months ago
- A curated list of awesome things related to TheHive & Cortex☆185Oct 9, 2021Updated 4 years ago
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det…☆53Jun 21, 2025Updated 9 months ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor…☆287Mar 20, 2025Updated last year
- OWASP Foundation Web Respository☆32Oct 11, 2025Updated 6 months ago
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a…☆1,564Apr 3, 2026Updated 2 weeks ago
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as…☆245Apr 3, 2024Updated 2 years ago
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…☆1,168Apr 1, 2026Updated 2 weeks ago
- ☆552Dec 4, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆532Feb 25, 2026Updated last month
- Searches for Insider Threat Hunting☆30May 2, 2019Updated 6 years ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise.☆50May 16, 2022Updated 3 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆810Jan 14, 2026Updated 3 months ago
- ☆77Jul 22, 2020Updated 5 years ago
- Open Source Security Events Metadata (OSSEM)☆1,290Feb 27, 2023Updated 3 years ago
- The Purpose of this research tool is to provide a Python client into RiskIQ API services.☆22Feb 4, 2021Updated 5 years ago