Alternatives and similar repositories for osquery-filters:

Users that are interested in osquery-filters are comparing it to the libraries listed below

• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆23Updated this week
• blueteam0ps / det-eng-samples
  This repository contains sample log data that were collected after running adversary simulations in Microsoft 365
  ☆20Updated 3 months ago
• ezaspy / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆32Updated last month
• ReconInfoSec / rhq
  Recon Hunt Queries
  ☆76Updated 3 years ago
• olafhartong / sysmon-modular-linux
  A repository of Sysmon For Linux configuration modules
  ☆15Updated 3 years ago
• chihebchebbi / Azure-Sentinel-Hive-Playbook
  Send High & New Incidents to The Hive incident management Platform
  ☆18Updated 3 years ago
• zeflow / Sigma2SplunkAlert
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆13Updated 3 years ago
• NVISOsecurity / nviso-cti
  ☆41Updated 9 months ago
• jafarspalace / Crowdstrike-Falcon-Scripts
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆22Updated last month
• 3CORESec / Automata
  Automatic detection engineering technical state compliance
  ☆53Updated 6 months ago
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing
  DNS Dashboard for hunting and identifying beaconing
  ☆14Updated 4 years ago
• AlbinoGazelle / esxi-testing-toolkit
  🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
  ☆19Updated this week
• dwmetz / PSHero
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Updated last year
• freeload101 / Bloodhound-Portable
  Bloodhound Portable for Windows
  ☆51Updated last year
• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆41Updated 4 years ago
• QueenSquishy / Zombie
  General Content
  ☆21Updated 6 months ago
• dfir-dd / incident-response-playbooks
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆38Updated 8 months ago
• Starke427 / Windows-Security-Policy
  Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows.
  ☆11Updated 4 years ago
• nidem / forgedpillow
  A tool to modify timestamps in a packet capture to a user selected date
  ☆31Updated 3 years ago
• jakob-source / falcon-crowdstrike
  A collection of searches, interesting events and tables on Crowdstrike Splunk.
  ☆29Updated 3 years ago
• guardsight / gsvsoc_mission-model
  Incident Response Report Using GitHub-Sphinx
  ☆19Updated 5 years ago
• redcanaryco / ansible-atomic-red-team
  This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
  ☆25Updated 6 months ago
• the2dl / SSDT
  Stupid Simple Detection Testing
  ☆12Updated 10 months ago
• mattreduce / cti-self-study
  Track progress and keep notes while working through likethecoins' CTI Self Study Plan
  ☆28Updated 2 years ago
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆16Updated 3 years ago
• M3NIX / sigmaio
  simple webapp for converting sigma rules into siem queries using the pySigma library
  ☆47Updated last year
• humio / security_monitoring
  ☆40Updated last year
• pfpt-andrew / Rapid-Response-Reporting
  RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…
  ☆36Updated 2 years ago
• spyx / SysmonGrahp
  ☆14Updated 3 years ago