corelight / Elasticsearch_rules
Elastic version of SOC prime watcher rules
☆30 · Updated 11 months ago
Alternatives and similar repositories for Elasticsearch_rules
Users who are interested in Elasticsearch_rules are comparing it to the repositories listed below.
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆89 · Updated 2 years ago)
- A collection of various SIEM rules relating to malware family groups. (☆69 · Updated last year)
- ☆74 · Updated last week
- Sigma detection rules for hunting with the threathunting-keywords project (☆56 · Updated 6 months ago)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆77 · Updated last year)
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…