center-for-threat-informed-defense / sightings_ecosystem
Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence.
☆34Updated last week
Alternatives and similar repositories for sightings_ecosystem:
Users that are interested in sightings_ecosystem are comparing it to the libraries listed below
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here …☆71Updated last year
- ☆42Updated 2 years ago
- A MITRE ATT&CK Lookup Tool☆45Updated 11 months ago
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents☆40Updated 11 months ago
- MITRE Engage™ is a framework for conducting Denial, Deception, and Adversary Engagements.☆62Updated last year
- ☆41Updated last year
- Log aggregation, analysis, alerting and correlation for Windows, Syslog and text based logs.☆24Updated 8 years ago
- Threat Detection & Anomaly Detection rules for popular open-source components☆51Updated 2 years ago
- Library of threat hunts to get any user started!☆42Updated 4 years ago
- Automatic detection engineering technical state compliance☆55Updated 8 months ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- A collection of tips for using MISP.☆74Updated 3 months ago
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det…☆49Updated 2 weeks ago
- Tool to read EVTX files including SYSMON and convert to JSON, MISP Objects and Graph stream☆11Updated 4 years ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆61Updated 11 months ago
- Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translatin…☆126Updated 11 months ago
- ☆34Updated 4 years ago
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago
- Workflows for Shuffle☆21Updated 2 years ago
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.☆34Updated 2 years ago
- This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports☆71Updated 4 months ago
- PacketSifter is a tool/script that is designed to aid analysts in sifting through a packet capture (pcap) to find noteworthy traffic. Pac…☆94Updated 3 years ago
- Threat Mapping Catalogue☆17Updated 3 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆55Updated last month
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆67Updated last year
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆63Updated 2 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆37Updated 2 weeks ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆85Updated 2 years ago
- Azure function to insert MISP data in to Azure Sentinel☆31Updated 2 years ago
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆31Updated 2 months ago