corelight / zeek-cheatsheetsLinks
Zeek Log Cheatsheets
☆292Updated 2 years ago
Alternatives and similar repositories for zeek-cheatsheets
Users that are interested in zeek-cheatsheets are comparing it to the libraries listed below
Sorting:
- Splunk code (SPL) for serious threat hunters and detection engineers.☆284Updated last year
- A set of Zeek scripts to detect ATT&CK techniques.☆594Updated last year
- User guide of MISP☆270Updated 5 months ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆246Updated 3 years ago
- Zeek-Formatted Threat Intelligence Feeds☆370Updated this week
- SIEGMA - Transform Sigma rules into SIEM consumables☆151Updated 3 months ago
- Cyber Incident Response Team Playbook Battle Cards☆381Updated last year
- Splunk Boss of the SOC version 2 dataset.☆384Updated 2 years ago
- A curated list of awesome things related to TheHive & Cortex☆180Updated 3 years ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆297Updated 8 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆218Updated 2 months ago
- This is a repository for freq.py and freq_server.py☆208Updated 4 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆563Updated 3 years ago
- ☆216Updated last year
- DFIRTrack - The Incident Response Tracking Application☆520Updated 9 months ago
- ☆120Updated 3 years ago
- MISP trainings, threat intel and information sharing training materials with source code☆410Updated last month
- Threat-Intelligence Feeds & Tools & Frameworks☆218Updated last year
- ☆131Updated last year
- Mark Baggett's (@MarkBaggett - GSE #15, SANS SEC573 Author) tool for detecting randomness using NLP techniques rather than pure entropy c…☆129Updated 2 years ago
- Consolidation of various resources related to Microsoft Sysmon & sample data/log☆110Updated 3 years ago
- Sigma rules from Joe Security☆216Updated 7 months ago
- This content is analysis and research of the data sources currently listed in ATT&CK.☆412Updated last year
- A list of my personal projects☆177Updated 2 years ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆352Updated 4 years ago
- Misc Threat Hunting Resources☆373Updated 2 years ago
- Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…☆229Updated 5 months ago
- Resources for SANS CTI Summit 2021 presentation☆103Updated last year
- Home for Splunk security datasets.☆125Updated 5 years ago
- an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques☆186Updated 3 years ago