Alternatives and similar repositories for osquery-filters

Users that are interested in osquery-filters are comparing it to the libraries listed below

• zeflow / Sigma2SplunkAlert
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆13Updated 3 years ago
• jafarspalace / Crowdstrike-Falcon-Scripts
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆22Updated 4 months ago
• ReconInfoSec / rhq
  Recon Hunt Queries
  ☆77Updated 4 years ago
• humio / security_monitoring
  ☆41Updated 2 years ago
• DCScoder / ESXiTri
  ESXi Cyber Security Incident Response Script
  ☆24Updated 8 months ago
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆17Updated 3 years ago
• chihebchebbi / Azure-Sentinel-Hive-Playbook
  Send High & New Incidents to The Hive incident management Platform
  ☆18Updated 4 years ago
• olafhartong / sysmon-modular-linux
  A repository of Sysmon For Linux configuration modules
  ☆15Updated 3 years ago
• elastic / sans-dfir-2022
  Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"
  ☆11Updated 3 months ago
• telekom-security / acquire-aws-ec2
  A python script to acquire multiple aws ec2 instances in a forensically sound-ish way
  ☆38Updated 3 years ago
• 3CORESec / Automata
  Automatic detection engineering technical state compliance
  ☆55Updated 10 months ago
• nidem / forgedpillow
  A tool to modify timestamps in a packet capture to a user selected date
  ☆31Updated 3 years ago
• cyberg3cko / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 3 months ago
• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆25Updated this week
• cudeso / CSIRT-Jump-Bag
  CSIRT Jump Bag
  ☆26Updated last year
• blueteam0ps / det-eng-samples
  This repository contains sample log data that were collected after running adversary simulations in Microsoft 365
  ☆20Updated 7 months ago
• chaitanyakrishna / IOCScraper
  IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources.
  ☆34Updated 3 years ago
• airbus-cert / Splunk-ETW
  A Splunk Technology Add-on to forward filtered ETW events.
  ☆30Updated 4 years ago
• swimlane / PSAttck
  PSAttck is a light-weight framework for the MITRE ATT&CK Framework.
  ☆38Updated 3 years ago
• jsecurity101 / Automated-Detection-Pipeline
  ☆15Updated 4 years ago
• petebryan / blue_team_con
  ☆17Updated 2 years ago
• zolderio / misp-to-sentinel
  Azure function to insert MISP data in to Azure Sentinel
  ☆32Updated 2 years ago
• CompassSecurity / Readinizer
  Microsoft GPO Readiness Lateral Movement Detection Tool
  ☆16Updated 2 years ago
• rgeoghan / app-password-persistence
  Using Microsoft 365 App Passwords for persistence
  ☆23Updated 4 years ago
• the2dl / SSDT
  Stupid Simple Detection Testing
  ☆13Updated last year
• jangeisbauer / gundog
  gundog - guided hunting in Microsoft Defender
  ☆52Updated 4 years ago
• FalconForceTeam / FalconForge
  This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…
  ☆16Updated 2 years ago
• jokezone / Update-Sysmon
  This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
  ☆82Updated 2 years ago
• johnfranolich / Hunting-Scripts
  A collection of hunting and blue team scripts. Mostly others, some my own.
  ☆38Updated 2 years ago
• alwashmi / MasterParser
  MasterParser is a simple, all-in-one, digital forensics artifact parser
  ☆22Updated 3 years ago