cisagov / network-architecture-verification-and-validation
The NAVV (Network Architecture Verification and Validation) tool creates a spreadsheet for network traffic analysis from PCAP data and Zeek logs. It automates Zeek analysis of PCAP files, the collation of Zeek logs, and the dissection of conn.log and dns.log to create a summary of network traffic in an XLSX-formatted spreadsheet.
☆28 · Updated 8 months ago
Alternatives and similar repositories for network-architecture-verification-and-validation:
Users that are interested in network-architecture-verification-and-validation are comparing it to the libraries listed below
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch · ☆68 · Updated last year
- Repo for Automations and other solutions for Elastic SIEM/Security. · ☆18 · Updated 3 years ago
- Run Velociraptor on Security Onion · ☆37 · Updated 2 years ago
- Stand-Alone Windows Hardening (SAWH) is a script to reduce the attack surface of Windows systems that are not attached to a Windows Activ… · ☆51 · Updated 3 years ago
- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common … · ☆27 · Updated 6 months ago
- The FASTEST way to consume threat intel. · ☆67 · Updated last year
- Web based S1 query navigator for one-click threat hunting · ☆18 · Updated 4 years ago
- A virtual appliance for building cyber labs, challenges and competitions · ☆23 · Updated 2 months ago
- An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con… · ☆29 · Updated 2 months ago
- Template for building a packet sniffer · ☆14 · Updated 10 months ago
- Search a filesystem for indicators of compromise (IoC). · ☆69 · Updated this week
- (no description) · ☆48 · Updated this week
- (no description) · ☆54 · Updated 3 years ago
- Zeek support for Community ID flow hashing. · ☆35 · Updated last year
- Learn about a network from a pcap file or reading from an interface · ☆28 · Updated 10 months ago
- Crucible is a modular framework for creating, deploying, and managing virtual environments to support training, education, and exercises. · ☆32 · Updated this week
- A collection of tips for using MISP. · ☆74 · Updated 2 months ago
- eMASSer is a command-line interface (CLI) that aims to automate routine business use-cases and provide utility surrounding the Enterprise… · ☆36 · Updated this week
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa… · ☆18 · Updated 4 years ago
- Collection of walkthroughs on various threat hunting techniques · ☆75 · Updated 4 years ago
- Extracts fields from zeek logs, compatible with zeek-cut · ☆19 · Updated 7 months ago
- Hands-On Network Forensics by Nipun Jaswal · ☆43 · Updated last year
- Run zeek with zeekctl in docker · ☆51 · Updated 5 months ago
- Corelight@Home script · ☆40 · Updated last year
- (no description) · ☆11 · Updated 4 years ago
- Convert Sigma rules to LogRhythm searches · ☆20 · Updated 2 years ago
- (no description) · ☆55 · Updated 3 weeks ago
- (no description) · ☆34 · Updated 4 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields · ☆34 · Updated last week
- The Project can be used to integrate QRadar with MISP Threat Sharing Platform · ☆38 · Updated 2 years ago