cybersheepdog / Threat-Hunting-Metrics
Threat Hunting is time consuming enough as it is. Coming up with and tracking metrics to justify your hunt team to the Execs often takes time away from your Threat Hunting. I have created this Excel document to help automate as much of that as possible. The Strategic Overview tab is auto-updated based upon what you enter in the Threat Hunts Ta…
☆11 · Updated last year
Related projects
Alternatives and complementary repositories for Threat-Hunting-Metrics
- Sigma detection rules for hunting with the threathunting-keywords project ☆47 · Updated last week
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆51 · Updated 2 weeks ago
- Detection of obfuscated Powershell commands ☆54 · Updated last year
- Remote access and Antivirus Logging Database ☆41 · Updated 6 months ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆50 · Updated 3 weeks ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆75 · Updated 5 months ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆48 · Updated 2 years ago
- Random notes collected on the intertubes relating to DFIR ☆32 · Updated last year
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆23 · Updated 2 months ago
- ☆19 · Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆75 · Updated 2 weeks ago
- BlackBerry Threat Research & Intelligence ☆93 · Updated last year
- Powershell sandboxing utility ☆17 · Updated 2 weeks ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on ☆81 · Updated 6 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp… ☆38 · Updated 7 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆116 · Updated 11 months ago
- ☆56 · Updated 2 weeks ago
- My Jupyter Notebooks ☆36 · Updated 7 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them ☆25 · Updated last month
- USN Journal full path builder ☆36 · Updated last month
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆49 · Updated last year
- Baseline a Windows System against LOLBAS ☆25 · Updated 6 months ago
- ☆1 · Updated 2 weeks ago
- simple webapp for converting sigma rules into siem queries using the pySigma library ☆47 · Updated last year
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆22 · Updated 2 months ago
- ☆43 · Updated 3 weeks ago
- User Feedback Space of #MitreAssistant ☆37 · Updated last year
- Python client for DFIR-IRIS ☆20 · Updated 2 months ago
- An exercise to practice deobfuscating PowerShell Scripts. ☆28 · Updated last year
- Azure function to insert MISP data in to Azure Sentinel ☆30 · Updated 2 years ago