chronicle / cli
A CLI tool for managing Chronicle user workflows
☆16Updated 9 months ago
Alternatives and similar repositories for cli:
Users that are interested in cli are comparing it to the libraries listed below
- Command line tool to interact with Chronicle's Config Based Normalizer (CBN) APIs.☆28Updated last year
- ☆27Updated 4 months ago
- Python samples and utilities for Chronicle APIs☆80Updated 2 weeks ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆52Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆86Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆91Updated last year
- ☆71Updated 11 months ago
- A tool that allows you to document and assess any security automation in your SOC☆45Updated 3 months ago
- pySigma Cookiecutter backend template☆22Updated 2 weeks ago
- ☆34Updated 2 months ago
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).☆99Updated 5 months ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆109Updated 3 months ago
- ☆93Updated 2 years ago
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…☆76Updated 3 months ago
- Identify Azure blobs using a wordlist of account name and container name strings☆36Updated 4 years ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆67Updated 9 months ago
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆78Updated last year
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…☆143Updated last year
- ☆65Updated 9 months ago
- Collection of detection rules written in YARA-L.☆23Updated 11 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆51Updated 2 years ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆156Updated this week
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆35Updated this week
- Open Threat-Informed Detection Engineering☆37Updated last month
- Automating Security Detection Engineering, published by Packt☆54Updated 4 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆193Updated 5 months ago
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆128Updated 2 years ago
- ☆101Updated 8 months ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…☆164Updated 4 months ago
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …☆121Updated 7 months ago