chronicle / ingestion-scripts
☆26Updated last month
Related projects ⓘ
Alternatives and complementary repositories for ingestion-scripts
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆51Updated last year
- Command line tool to interact with Chronicle's Config Based Normalizer (CBN) APIs.☆27Updated last year
- A CLI tool for managing Chronicle user workflows☆16Updated 6 months ago
- Python samples and utilities for Chronicle APIs☆77Updated this week
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆97Updated this week
- A tool that allows you to document and assess any security automation in your SOC☆41Updated 3 weeks ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆104Updated 2 weeks ago
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …☆116Updated 4 months ago
- Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK☆36Updated last week
- ☆83Updated 3 months ago
- A POC to implement Detection-as-Code with Terraform and Sumo Logic.☆26Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆85Updated last year
- Import CrowdStrike Threat Intelligence into your instance of MISP☆42Updated last month
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆62Updated 6 months ago
- Anvilogic Forge☆86Updated last week
- ☆99Updated 5 months ago
- Unleash the power of the Falcon Platform at the CLI☆113Updated 3 weeks ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 6 months ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…☆141Updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆49Updated 2 years ago
- ☆87Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆179Updated 2 months ago
- Collection of YARA-L 2.0 sample rules for the Chronicle Detection API☆316Updated last month
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.☆131Updated this week
- MISP to Sentinel integration☆60Updated this week
- ☆40Updated 5 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆27Updated last month
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆116Updated 11 months ago
- A lab environment for learning about MSTICPy☆36Updated last year
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )☆157Updated 2 months ago