Production-ready detection & response queries for osquery
☆600Aug 13, 2025Updated 6 months ago
Alternatives and similar repositories for osquery-defense-kit
Users that are interested in osquery-defense-kit are comparing it to the libraries listed below
Sorting:
- Automated testing, generation & manipulation of #osquery packs☆74Oct 16, 2024Updated last year
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- Mapping the MITRE ATT&CK Matrix with Osquery☆806May 11, 2023Updated 2 years ago
- Transform Linux Audit logs for SIEM usage☆815Updated this week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆338Feb 13, 2026Updated 2 weeks ago
- A repository for using osquery for incident detection and response☆880Sep 8, 2025Updated 5 months ago
- Cisco Orbital - Osquery queries by Talos☆137Aug 23, 2024Updated last year
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS☆1,658Jan 8, 2025Updated last year
- Fast and efficient osquery management☆489Feb 24, 2026Updated last week
- Remotely collect linux live forensics artifacts.☆14Jul 8, 2022Updated 3 years ago
- Linux #rootkit and #malware revealer☆31Aug 1, 2024Updated last year
- Aftermath is a free macOS IR framework☆569Sep 25, 2025Updated 5 months ago
- Granular, Actionable Adversary Emulation for the Cloud☆2,267Updated this week
- Detect Tactics, Techniques & Combat Threats☆2,264Jan 21, 2026Updated last month
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…☆253Nov 18, 2024Updated last year
- This is a collection of threat detection rules / rules engines that I have come across.☆296May 5, 2024Updated last year
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…☆1,142Dec 19, 2025Updated 2 months ago
- ☆169Sep 30, 2025Updated 5 months ago
- Elastic Security detection content for Endpoint☆1,380Updated this week
- ☆553Dec 4, 2023Updated 2 years ago
- ☆2,510Updated this week
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- Automating situational awareness for cloud penetration tests.☆2,299Updated this week
- A curated list of resources about detecting threats and defending Kubernetes systems.☆402Sep 2, 2023Updated 2 years ago
- Built-in Panther detection rules and policies☆439Updated this week
- DFIQ is a collection of investigative questions and the approaches for answering them☆300Jan 17, 2025Updated last year
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆612Dec 8, 2025Updated 2 months ago
- ☆88Mar 7, 2025Updated 11 months ago
- ☆34Aug 8, 2023Updated 2 years ago
- BlueHound - pinpoint the security issues that actually matter☆761Jul 12, 2023Updated 2 years ago
- Re-play Security Events☆1,723Mar 20, 2024Updated last year
- A cross platform parser for Apple UnifiedLogs!☆330Feb 15, 2026Updated 2 weeks ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- Open Source Security Events Metadata (OSSEM)☆1,288Feb 27, 2023Updated 3 years ago
- ☆190Feb 8, 2026Updated 3 weeks ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆816Feb 17, 2025Updated last year
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- A knowledge base of actionable Incident Response techniques☆662May 31, 2022Updated 3 years ago