cisagov / network-architecture-verification-and-validation
The NAVV (Network Architecture Verification and Validation) tool creates a spreadsheet for network traffic analysis from PCAP data and Zeek logs. It automates running Zeek against PCAP files, collates the resulting Zeek logs, and dissects conn.log and dns.log to produce a summary of network traffic as an XLSX-formatted spreadsheet.
☆28 · Updated 7 months ago
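As an added illustration of the conn.log/dns.log dissection step described above (example code written for this page, not NAVV's own implementation): the parser honours Zeek's `#separator`, `#unset_field` and `#fields` header lines, maps answer addresses from dns.log back to the names that were queried, and aggregates conn.log into one row per conversation (originator, responder, port, protocol, service). The column layout and sort order are assumptions, and the two sample logs are constructed, not from a real capture.

```python
"""Parse Zeek conn.log / dns.log (ASCII TSV) and build a conversation summary."""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Tuple

Row = Dict[str, Optional[str]]

# Constructed sample logs. Real Zeek logs carry more columns; only the ones the
# summary needs are shown. Note the unset marker "-" on the last conn record.
CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tcount\tcount
1700000000.1\tC1\t10.0.0.5\t51000\t10.0.0.53\t53\tudp\tdns\t40\t120
1700000000.2\tC2\t10.0.0.5\t51001\t93.184.216.34\t443\ttcp\tssl\t1500\t9000
1700000000.3\tC3\t10.0.0.5\t51002\t93.184.216.34\t443\ttcp\tssl\t700\t3000
1700000000.4\tC4\t10.0.0.7\t51003\t10.0.0.9\t502\ttcp\t-\t-\t-
#close\t2023-11-14-22-13-20
"""

DNS_LOG = """#separator \\x09
#set_separator\t,
#unset_field\t-
#path\tdns
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\tanswers
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tvector[string]
1700000000.1\tC1\t10.0.0.5\t51000\t10.0.0.53\t53\tudp\twww.example.com\tA\texample.com,93.184.216.34
"""


def parse_zeek_tsv(text: str) -> Iterator[Row]:
    """Yield one dict per record, with Zeek's unset marker mapped to None."""
    sep, unset, fields = "\t", "-", []  # type: str, str, List[str]
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # The only space-delimited header: the separator is unknown until read.
            sep = bytes(line[len("#separator "):], "ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            continue  # #set_separator, #path, #types, #open, #close: not needed here
        if not fields:
            raise ValueError("record encountered before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        yield {f: (None if v == unset else v) for f, v in zip(fields, values)}


def dns_names(dns_rows: Iterator[Row]) -> Dict[str, set]:
    """Map answer IP addresses to the names that resolved to them."""
    names: Dict[str, set] = defaultdict(set)
    for r in dns_rows:
        if not r.get("query") or not r.get("answers"):
            continue
        for answer in r["answers"].split(","):  # vectors use #set_separator
            try:
                ipaddress.ip_address(answer)
            except ValueError:
                continue  # CNAME or other non-address answer in the chain
            names[answer].add(r["query"])
    return names


def summarize(conn_text: str, dns_text: str) -> List[Dict[str, object]]:
    """One row per (orig_h, resp_h, resp_p, proto, service), busiest first."""
    names = dns_names(parse_zeek_tsv(dns_text))
    agg: Dict[Tuple[str, ...], Dict[str, int]] = defaultdict(
        lambda: {"connections": 0, "orig_bytes": 0, "resp_bytes": 0})
    for r in parse_zeek_tsv(conn_text):
        key = (r["id.orig_h"], r["id.resp_h"], r["id.resp_p"], r["proto"],
               r["service"] or "unknown")
        a = agg[key]
        a["connections"] += 1
        a["orig_bytes"] += int(r["orig_bytes"] or 0)  # unset byte counts are 0
        a["resp_bytes"] += int(r["resp_bytes"] or 0)
    rows: List[Dict[str, object]] = []
    for (orig_h, resp_h, resp_p, proto, service), a in agg.items():
        rows.append({"orig_h": orig_h, "resp_h": resp_h,
                     "resp_name": ",".join(sorted(names.get(resp_h, ()))) or "-",
                     "resp_p": int(resp_p), "proto": proto, "service": service, **a})
    rows.sort(key=lambda x: x["orig_bytes"] + x["resp_bytes"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in summarize(CONN_LOG, DNS_LOG):
        print(row)
```

The rows returned by `summarize` are what would be written to the spreadsheet; the Modbus conversation on port 502 with no bytes recorded still appears, which is exactly the kind of unexpected OT flow an architecture review is looking for.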
Alternatives and similar repositories for network-architecture-verification-and-validation:
Users that are interested in network-architecture-verification-and-validation are comparing it to the libraries listed below
- ☆48 · Updated last week
- Repo for Automations and other solutions for Elastic SIEM/Security. ☆19 · Updated 3 years ago
- Run Velociraptor on Security Onion ☆37 · Updated 2 years ago
- ☆49 · Updated this week
- Stand-Alone Windows Hardening (SAWH) is a script to reduce the attack surface of Windows systems that are not attached to a Windows Activ… ☆50 · Updated 3 years ago
- A collection of tips for using MISP. ☆74 · Updated last month
- Run zeek with zeekctl in docker ☆51 · Updated 4 months ago
- Learn about a network from a pcap file or reading from an interface ☆28 · Updated 9 months ago
- The FASTEST way to consume threat intel. ☆66 · Updated last year
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch ☆68 · Updated last year
- The Project can be used to integrate QRadar with MISP Threat Sharing Platform ☆39 · Updated 2 years ago
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents ☆38 · Updated 9 months ago
- Threat Detection & Anomaly Detection rules for popular open-source components ☆50 · Updated 2 years ago
- ☆34 · Updated 4 years ago
- Zeek support for Community ID flow hashing. ☆35 · Updated last year
- ☆67 · Updated 5 months ago
- Template for building a packet sniffer ☆14 · Updated 10 months ago
- Sysmon and wazuh integration with Sigma sysmon rules [updated] ☆62 · Updated 3 years ago
- Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies ☆27 · Updated 10 months ago
- This repo contains information on how to auto deploy Sysmon via GPO and Task Scheduler ☆12 · Updated 3 years ago
- Actionable analytics designed to combat threats based on MITRE's ATT&CK. ☆22 · Updated 5 years ago
- Passive OS detection based on SYN packets without Transmitting any Data ☆45 · Updated last year
- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common … ☆27 · Updated 6 months ago
- ☆48 · Updated 2 years ago
- Corelight@Home script ☆40 · Updated last year
- Provides detection capabilities and log conversion to evtx or syslog capabilities ☆52 · Updated 2 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat ☆27 · Updated 4 years ago
- Log4j Exploit Detection Logic for Zeek ☆19 · Updated 8 months ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for… ☆35 · Updated 2 years ago
- Kibana 7 Templates for Suricata IDPS Threat Hunting ☆40 · Updated 2 years ago