corelight / Elasticsearch_rules
Elastic version of SOC prime watcher rules
☆27Updated 3 months ago
Related projects: ⓘ
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆84Updated last year
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆73Updated last month
- CarbonBlack EDR detection rules and response actions☆70Updated last week
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆21Updated 3 weeks ago
- ☆42Updated 3 months ago
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆23Updated 2 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 5 months ago
- Slides of my public talks☆46Updated 9 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…☆23Updated 2 weeks ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 4 months ago
- A collection of various SIEM rules relating to malware family groups.☆60Updated 3 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 4 months ago
- M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.☆110Updated 4 months ago
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated 3 weeks ago
- SigmaHQ pySigma CrowdStrike processing pipeline☆18Updated this week
- ☆22Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- Conference presentations☆45Updated 11 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆113Updated 9 months ago
- Azure function to insert MISP data in to Azure Sentinel☆30Updated last year
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…☆40Updated 5 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆147Updated 4 months ago
- A tool to display Windows Event logs as they happen.☆12Updated last year
- User Feedback Space of #MitreAssistant☆37Updated last year
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆55Updated 4 months ago
- ☆48Updated last year
- Actively hunt for attacker infrastructure by filtering Shodan results with URLScan data.☆59Updated 2 months ago
- Full of public notes and Utilities☆81Updated 3 weeks ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.☆34Updated 9 months ago
- ☆19Updated last year
- VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data …☆91Updated 3 weeks ago