center-for-threat-informed-defense / insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It establishes an Insider Threat TTP Knowledge Base built upon data collected on insider threat incidents, together with lessons learned and experience from the ATT&CK knowledge base.
(☆142, updated 6 months ago)
Alternatives and similar repositories for insider-threat-ttp-kb (repositories that users interested in insider-threat-ttp-kb compare it to):
- Dettectinator - The Python library to your DeTT&CT YAML files. (☆109, updated 2 months ago)
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques (☆132, updated last year)
- OSSEM Detection Model (☆177, updated 2 years ago)
- Creating a resource to help build and manage an Insider Threat program. (☆67, updated last month)
- SIEGMA - Transform Sigma rules into SIEM consumables (☆149, updated 2 weeks ago)
- Rules generated from our investigations. (☆192, updated this week)
- Sigma rules from Joe Security (☆207, updated 4 months ago)
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense… (☆71, updated 3 years ago)
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor… (☆231, updated this week)
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t… (☆117, updated last week)
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center's Mappings Explorer project. See README below. This repository is kept here as… (☆235, updated 11 months ago)
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon (☆198, updated 4 years ago)
- Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translatin… (☆126, updated 10 months ago)
- This content is analysis and research of the data sources currently listed in ATT&CK. (☆408, updated last year)
- An open-source Sigma conversion tool built using pySigma (☆121, updated 3 months ago)
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… (☆346, updated this week)
- Resources To Learn And Understand SIGMA Rules (☆173, updated 2 years ago)
- Sublime rules for email attack detection, prevention, and threat hunting. (☆281, updated this week)
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements (☆118, updated last year)
- A repository of my own Sigma detection rules. (☆157, updated 6 months ago)
- An Excel-centric approach for the MITRE ATT&CK® Tactics and Techniques (☆184, updated 2 years ago)
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques (☆352, updated 2 months ago)
- Resources for SANS CTI Summit 2021 presentation (☆102, updated last year)
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. (☆110, updated 4 months ago)
- This is a repository of vendor-agnostic workflows provided for those interested in deploying Security Orchestration, Automation, and Resp… (☆81, updated 4 years ago)
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… (☆49, updated this week)
- Intel Retrieval Augmented Generation (RAG) Utilities (☆90, updated last year)
- The Infosec Community Definitive Guide to Jupyter Notebooks (☆121, updated 4 years ago)