collectivehealth / sentinelone-sdk
☆18 · Updated this week
Related projects:
- Office365 Log Analysis Framework ☆81 · Updated 5 years ago
- Useful PowerShell tools for operating or testing Infocyte HUNT ☆16 · Updated last week
- A Splunk app with saved reports derived from Sigma rules ☆72 · Updated 6 years ago
- Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was … ☆76 · Updated 6 years ago
- CB API scripts for IR, administration, etc. ☆33 · Updated 5 years ago
- PowerShell No Agent Hunting ☆107 · Updated 6 years ago
- Collection of useful, up-to-date Carbon Black Response queries ☆82 · Updated 3 years ago
- Parser for Windows PowerShell script block logs ☆94 · Updated last month
- Command line interface to Carbon Black Response ☆38 · Updated 4 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆157 · Updated last year
- Converts Sigma detection rules to a Splunk alert configuration. ☆105 · Updated 4 years ago
- Powering Up Incident Response with Power-Response ☆62 · Updated 4 years ago
- Carbon Black Feeds ☆70 · Updated last year
- Provides detection capabilities and log conversion to evtx or syslog ☆51 · Updated 2 years ago
- The opposite of Ruler: provides blue teams with the ability to detect Ruler usage against Exchange. ☆90 · Updated 6 years ago
- A collection of notebooks built for defensive and offensive operations. ☆76 · Updated 3 years ago
- Community sharing repository for Carbon Black and Bit9 platforms ☆27 · Updated 2 years ago
- carcass is a Python package to generate Python package scaffolding based on best practices ☆17 · Updated 2 years ago
- Threat Alert Logic Repository ☆88 · Updated 5 years ago
- Lists of sources and utilities used to hunt, detect and prevent evildoers. ☆158 · Updated 5 years ago
- InvestigationPlaybookSpec ☆72 · Updated 6 years ago
- (no description) ☆18 · Updated 3 years ago
- Subscribe to the raw VMware Carbon Black EDR event feed and forward it to another system, such as Splunk. ☆73 · Updated 4 months ago
- Sysmon Splunk App ☆46 · Updated 6 years ago
- Invoke-LiveResponse ☆145 · Updated 2 years ago
- (no description) ☆39 · Updated 5 years ago
- Main Build directory ☆176 · Updated 5 years ago
- This was code for analyzing round 1 of the MITRE Enterprise ATT&CK Evaluation. Please check out https://github.com/joshzelonis/Enterprise… ☆95 · Updated 4 years ago
- This is a logon script used to detect the theft of credentials by tools such as Mimikatz ☆116 · Updated 9 years ago
- A system that creates a bogus web structure to entrap and delay web scanners ☆52 · Updated 3 years ago