defensivedepth / osquery-filters

Related projects ⓘ

Alternatives and complementary repositories for osquery-filters

• 3CORESec / Automata
  Automatic detection engineering technical state compliance
  ☆50Updated 4 months ago
• ezaspy / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 3 weeks ago
• zeflow / Sigma2SplunkAlert
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆13Updated 3 years ago
• NVISOsecurity / nviso-cti
  ☆41Updated 7 months ago
• jafarspalace / Crowdstrike-Falcon-Scripts
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆22Updated 3 months ago
• chihebchebbi / Azure-Sentinel-Hive-Playbook
  Send High & New Incidents to The Hive incident management Platform
  ☆17Updated 3 years ago
• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆21Updated last week
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing
  DNS Dashboard for hunting and identifying beaconing
  ☆14Updated 4 years ago
• olafhartong / sysmon-modular-linux
  A repository of Sysmon For Linux configuration modules
  ☆15Updated 3 years ago
• blueteam0ps / det-eng-samples
  This repository contains sample log data that were collected after running adversary simulations in Microsoft 365
  ☆20Updated last month
• mattreduce / cti-self-study
  Track progress and keep notes while working through likethecoins' CTI Self Study Plan
  ☆28Updated 2 years ago
• swisscom / detections
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆53Updated 3 years ago
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆16Updated 3 years ago
• openrelik / openrelik-server
  The core backend server handling API requests and task management
  ☆31Updated last week
• petebryan / blue_team_con
  ☆17Updated 2 years ago
• thremulation-station / thremulation-station
  Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
  ☆35Updated 11 months ago
• slaughterjames / excelpeek
  ☆37Updated 2 years ago
• MITRECND / mitrecnd.github.io
  MITRE Shield website
  ☆18Updated 3 years ago
• ReconInfoSec / rhq
  Recon Hunt Queries
  ☆75Updated 3 years ago
• corelight / raspi-corelight
  Corelight@Home script
  ☆40Updated last year
• SecurityRiskAdvisors / dredd
  Automated detection rule analysis utility
  ☆29Updated 2 years ago
• cudeso / dfir-iris-misp-timesketch
  Scripts to integrate DFIR-IRIS, MISP and TimeSketch
  ☆31Updated 2 years ago
• brokensound77 / toruk
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Updated 5 years ago
• swisscom / PowerSponse
  PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
  ☆38Updated 2 years ago
• threathunters-io / QLOG
  Windows Security Logging
  ☆43Updated 2 years ago
• freeload101 / Bloodhound-Portable
  Bloodhound Portable for Windows
  ☆51Updated last year
• spyx / SysmonGrahp
  ☆14Updated 3 years ago