chronicle / ingestion-scripts
☆30Updated last month
Alternatives and similar repositories for ingestion-scripts:
Users that are interested in ingestion-scripts are comparing it to the libraries listed below
- Python samples and utilities for Chronicle APIs☆81Updated 3 weeks ago
- Command line tool to interact with Chronicle's Config Based Normalizer (CBN) APIs.☆29Updated last year
- A tool that allows you to document and assess any security automation in your SOC☆46Updated 5 months ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆111Updated 5 months ago
- A preconfigured Velociraptor triage collector☆51Updated this week
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆162Updated last month
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆53Updated 2 years ago
- Web based S1 query navigator for one-click threat hunting☆18Updated 4 years ago
- CrowdStrike's Open Source Policy & Contribution Guide☆39Updated 3 weeks ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆37Updated last month
- Dettectinator - The Python library to your DeTT&CT YAML files.☆111Updated 2 weeks ago
- Unleash the power of the Falcon Platform at the CLI☆117Updated this week
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆53Updated last year
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆81Updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆55Updated 3 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆67Updated last year
- A CLI tool for managing Chronicle user workflows☆16Updated 11 months ago
- ☆87Updated 2 months ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆61Updated 11 months ago
- A collection of various SIEM rules relating to malware family groups.☆66Updated 10 months ago
- ☆83Updated last month
- ☆93Updated 2 years ago
- Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK☆38Updated this week
- MISP to Sentinel integration☆64Updated 2 weeks ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆88Updated last year
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…☆45Updated last week
- WA Cyber Security Unit (DGOV Technical) site☆35Updated last week
- pySigma Splunk backend☆38Updated 2 months ago
- pocket guide for core detection engineering concepts☆28Updated last year
- A repository of my own Sigma detection rules.☆158Updated 7 months ago