Production-ready detection & response queries for osquery
☆602Aug 13, 2025Updated 7 months ago
Alternatives and similar repositories for osquery-defense-kit
Users that are interested in osquery-defense-kit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Automated testing, generation & manipulation of #osquery packs☆74Oct 16, 2024Updated last year
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- Mapping the MITRE ATT&CK Matrix with Osquery☆808May 11, 2023Updated 2 years ago
- Remotely collect linux live forensics artifacts.☆14Jul 8, 2022Updated 3 years ago
- Fast and efficient osquery management☆494Updated this week
- Transform Linux Audit logs for SIEM usage☆821Mar 5, 2026Updated 2 weeks ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆339Mar 17, 2026Updated last week
- A repository for using osquery for incident detection and response☆884Sep 8, 2025Updated 6 months ago
- Aftermath is a free macOS IR framework☆570Sep 25, 2025Updated 5 months ago
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS☆1,662Jan 8, 2025Updated last year
- Cisco Orbital - Osquery queries by Talos☆137Aug 23, 2024Updated last year
- Linux #rootkit and #malware revealer☆31Aug 1, 2024Updated last year
- Granular, Actionable Adversary Emulation for the Cloud☆2,283Mar 12, 2026Updated last week
- ☆34Aug 8, 2023Updated 2 years ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…☆254Nov 18, 2024Updated last year
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…☆1,155Dec 19, 2025Updated 3 months ago
- Elastic Security detection content for Endpoint☆1,389Mar 16, 2026Updated last week
- Adversary emulation for EDR/SIEM testing (macOS/Linux)☆53Updated this week
- Detect Tactics, Techniques & Combat Threats☆2,269Jan 21, 2026Updated 2 months ago
- #supply #chain #attack #detection☆646Updated this week
- This is a collection of threat detection rules / rules engines that I have come across.☆297May 5, 2024Updated last year
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- ☆2,525Updated this week
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Built-in Panther detection rules and policies☆441Updated this week
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆614Dec 8, 2025Updated 3 months ago
- ☆88Mar 7, 2025Updated last year
- A cross platform parser for Apple UnifiedLogs!☆336Mar 8, 2026Updated 2 weeks ago
- ☆191Mar 9, 2026Updated 2 weeks ago
- Automating situational awareness for cloud penetration tests.☆2,320Mar 10, 2026Updated 2 weeks ago
- BlueHound - pinpoint the security issues that actually matter☆761Jul 12, 2023Updated 2 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- A curated list of resources about detecting threats and defending Kubernetes systems.☆407Sep 2, 2023Updated 2 years ago
- ☆553Dec 4, 2023Updated 2 years ago
- A standard for reducing log volume without sacrificing analytical capability☆214Feb 21, 2025Updated last year
- SIEGMA - Transform Sigma rules into SIEM consumables☆159Mar 10, 2025Updated last year
- Re-play Security Events☆1,729Mar 20, 2024Updated 2 years ago
- DFIQ is a collection of investigative questions and the approaches for answering them☆301Mar 10, 2026Updated 2 weeks ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆209Jul 21, 2022Updated 3 years ago