center-for-threat-informed-defense / insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents, lessons learned, and experience from the ATT&CK knowledge base.
☆149 · Jul 9, 2025 · Updated 7 months ago
Alternatives and similar repositories for insider-threat-ttp-kb
Users that are interested in insider-threat-ttp-kb are comparing it to the libraries listed below
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel… · ☆713 · Nov 14, 2025 · Updated 3 months ago
- Creating a resource to help build and manage an Insider Threat program. · ☆102 · Jan 30, 2025 · Updated last year
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t… · ☆123 · May 28, 2025 · Updated 8 months ago
- TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT… · ☆545 · May 6, 2025 · Updated 9 months ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) · ☆102 · Jul 10, 2025 · Updated 7 months ago
- A dataset of phishing kits in the wild · ☆15 · Jun 1, 2024 · Updated last year
- ☆14 · Jul 9, 2024 · Updated last year
- 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept… · ☆497 · Apr 3, 2024 · Updated last year
- Detect Tactics, Techniques & Combat Threats · ☆2,262 · Jan 21, 2026 · Updated 3 weeks ago
- Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE… · ☆38 · May 28, 2025 · Updated 8 months ago
- Ayaabu is a funny trick that fakes the installation of many antivirus products · ☆12 · Jul 6, 2016 · Updated 9 years ago
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… · ☆405 · Updated this week
- Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses. · ☆31 · Nov 6, 2023 · Updated 2 years ago
- YARA, SIGMA, SNORT Rules based on Malware Analysis · ☆16 · Apr 23, 2025 · Updated 9 months ago
- A framework and taxonomy for identifying, classifying, and reasoning about detection logic bugs in SIEM, EDR, and XDR rules, with concret… · ☆40 · Updated this week
- Incident Response Report Using GitHub-Sphinx · ☆20 · Oct 28, 2019 · Updated 6 years ago
- Built-in Panther detection rules and policies · ☆438 · Updated this week
- Elastic version of SOC prime watcher rules · ☆30 · Oct 14, 2024 · Updated last year
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. · ☆2,073 · May 28, 2025 · Updated 8 months ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor… · ☆281 · Mar 20, 2025 · Updated 10 months ago
- Repo for Automations and other solutions for Elastic SIEM/Security. · ☆18 · Jun 15, 2021 · Updated 4 years ago
- 🚒 Don't let threats reach your machines — USB Mass Storage Gateway · ☆17 · Oct 30, 2019 · Updated 6 years ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise. · ☆50 · May 16, 2022 · Updated 3 years ago
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… · ☆50 · Jun 21, 2025 · Updated 7 months ago
- 🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as… · ☆240 · Apr 3, 2024 · Updated last year
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a… · ☆1,546 · Feb 10, 2026 · Updated last week
- 🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is k… · ☆388 · Apr 3, 2024 · Updated last year
- Web-based analysis platform for use with the AWS_IR command line tool. · ☆17 · Aug 4, 2016 · Updated 9 years ago
- Splunk Security Content · ☆1,572 · Updated this week
- ☆552 · Dec 4, 2023 · Updated 2 years ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… · ☆519 · Dec 19, 2025 · Updated last month
- An implementation of infrastructure-as-code scanning using dynamic tooling. · ☆56 · Jan 18, 2022 · Updated 4 years ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. · ☆39 · Dec 17, 2025 · Updated 2 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆800 · Jan 14, 2026 · Updated last month
- ☆18 · Sep 13, 2021 · Updated 4 years ago
- Tweettioc Splunk App · ☆20 · Aug 25, 2020 · Updated 5 years ago
- CASCADE Server · ☆274 · Dec 8, 2022 · Updated 3 years ago
- Open Source Security Events Metadata (OSSEM) · ☆1,286 · Feb 27, 2023 · Updated 2 years ago
- Qemuno Framework · ☆24 · Sep 8, 2022 · Updated 3 years ago