chronicle / ingestion-scripts
☆26 · Updated last month
Related projects
Alternatives and complementary repositories for ingestion-scripts
- Command line tool to interact with Chronicle's Config Based Normalizer (CBN) APIs. ☆27 · Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆144 · Updated this week
- Python samples and utilities for Chronicle APIs ☆77 · Updated this week
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆51 · Updated last year
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆149 · Updated 2 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆61 · Updated 6 months ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆97 · Updated 8 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆49 · Updated 2 years ago
- Web based S1 query navigator for one-click threat hunting ☆18 · Updated 3 years ago
- A CLI tool for managing Chronicle user workflows ☆15 · Updated 6 months ago
- A tool that allows you to document and assess any security automation in your SOC ☆41 · Updated last week
- Anvilogic Forge ☆86 · Updated this week
- Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK ☆36 · Updated this week
- Collection of YARA-L 2.0 sample rules for the Chronicle Detection API ☆316 · Updated 3 weeks ago
- Unleash the power of the Falcon Platform at the CLI ☆112 · Updated last week
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆141 · Updated 11 months ago
- ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v… ☆16 · Updated last week
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. ☆25 · Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆104 · Updated this week
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆179 · Updated last month
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆85 · Updated last year
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. ☆129 · Updated this week
- The Infosec Community Definitive Guide to Jupyter Notebooks ☆115 · Updated 4 years ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆51 · Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆82 · Updated 9 months ago