chronicle / cbn-tool
Command line tool to interact with Chronicle's Config Based Normalizer (CBN) APIs.
☆27Updated last year
Related projects: ⓘ
- ☆83Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆170Updated last week
- SPL cheatsheet for Splunk.☆20Updated last year
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆93Updated 6 months ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆51Updated last year
- ☆15Updated last year
- ☆40Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 4 months ago
- Automating Security Detection Engineering, published by Packt☆42Updated 3 months ago
- ☆26Updated last week
- Content related to medium.com/@thatsiemguy☆12Updated 2 months ago
- A tool that allows you to document and assess any security automation in your SOC☆40Updated 4 months ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆64Updated 6 months ago
- ☆93Updated this week
- Collection of YARA-L 2.0 sample rules for the Chronicle Detection API☆297Updated this week
- ☆50Updated last year
- Practical Threat Detection Engineering, Published by Packt☆51Updated last year
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆76Updated 8 months ago
- A repository of my own Sigma detection rules.☆155Updated last week
- Dettectinator - The Python library to your DeTT&CT YAML files.☆102Updated last month
- A list of Splunk queries that I've collected and used over time.☆70Updated 3 years ago
- MISP to Sentinel integration☆57Updated last week
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆142Updated 7 months ago
- This repository contains Splunk queries to hunt some anomalies☆38Updated 2 years ago
- SentinelOne STAR Rules☆45Updated 10 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆113Updated 9 months ago
- Repository of SentinelOne Deep Visibility queries.☆116Updated 3 years ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆184Updated 4 years ago
- Conference presentations☆45Updated 11 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆49Updated 2 years ago