defensivedepth / Sysmon_OSSECLinks
OSSEC Decoder & Rulesets for Sysmon Events
☆15Updated 9 years ago
Alternatives and similar repositories for Sysmon_OSSEC
Users that are interested in Sysmon_OSSEC are comparing it to the libraries listed below
Sorting:
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Updated last year
- ☆13Updated 5 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Updated 7 years ago
- An informational repo about hunting for adversaries in your IT environment.☆14Updated 8 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- incident response scripts☆19Updated 6 years ago
- ☆32Updated 7 months ago
- This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.☆12Updated 7 years ago
- Mass Triage Tools☆20Updated 4 months ago
- Indices for courses in SANS' Network Security Operations curriculum☆16Updated 9 years ago
- ☆30Updated 6 years ago
- Splunk app for Threat hunting☆15Updated 6 years ago
- Use DNS to hunt for threats including DGAs☆15Updated 9 years ago
- Force-Directed Graph Generator for Volatility Ouputs☆26Updated 6 years ago
- Triage automation for suspect URLs☆13Updated 5 years ago
- Site for IWS book content☆18Updated 6 years ago
- Technical add-on to ingest json formatted volatility memory analysis plugin outputs☆13Updated 7 years ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆23Updated last year
- Powershell Functions to interact with TheHive-Project☆10Updated 5 years ago
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Updated 4 years ago
- Python script to pull various IOCs from PDFs☆15Updated 10 years ago
- Bro PCAP Processing and Tagging API☆28Updated 7 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆21Updated 6 years ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Updated 7 years ago
- Build your own threat hunting maturity model☆11Updated 7 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API☆24Updated 9 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 5 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Updated 6 years ago
- Tool to parse SRU database☆24Updated 7 years ago
- Scandiff is a PowerShell script to automate host discovery and scanning with nmap. After discovering and scanning hosts, scandiff perfor…☆17Updated 10 years ago