Alternatives and similar repositories for osquery-filters

Users that are interested in osquery-filters are comparing it to the libraries listed below

• CyberSift / OSQUERY-PACKS

  View on GitHub
  Osquery Packs we use for customer security hardening
  ☆12Jun 30, 2025Updated 7 months ago
• tsale / TA_tooling

  View on GitHub
  ☆10Dec 24, 2022Updated 3 years ago
• guardicode / osquery

  View on GitHub
  Guardicore osqueries collection for asset information, TH and compliance.
  ☆16Dec 22, 2021Updated 4 years ago
• Kintyre / TA-postfix

  View on GitHub
  Postfix Add-on for Splunk (Compliant with the Mail CIM model)
  ☆11Mar 18, 2021Updated 4 years ago
• osquery / foundation

  View on GitHub
  osquery Foundation Charter, Legal, and Process Documents
  ☆13Jun 10, 2022Updated 3 years ago
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 3, 2023Updated 2 years ago
• ReconInfoSec / ansible-nginx-gen

  View on GitHub
  Generates TCP/UDP stream configuration files for NGINX based on the backend servers and ports provided
  ☆11May 23, 2019Updated 6 years ago
• mitre / microsoft-windows-10-stig-baseline

  View on GitHub
  InSpec profile for Microsoft Windows 10, against DISA's Microsoft Windows 10 Security Technical Implementation Guide (STIG) Version 1, Re…
  ☆14Jan 9, 2025Updated last year
• splunk / splunkconf-backup

  View on GitHub
  ☆13Updated this week
• Wjinlei / hwsaudit

  View on GitHub
  使用Go语言开发的Linux权限审计工具
  ☆13Jun 15, 2022Updated 3 years ago
• microsoft / MSTIC-Sysmon

  View on GitHub
  Anything Sysmon related from the MSTIC R&D team
  ☆156Jun 8, 2024Updated last year
• s7ckTeam / F-Box

  View on GitHub
  F-Box 渗透测试武器库
  ☆14Aug 28, 2021Updated 4 years ago
• trapsocialenginer / DcRat

  View on GitHub
  ☆10Jan 30, 2022Updated 4 years ago
• jsecu / ElevatedEvents

  View on GitHub
  ☆30Nov 7, 2022Updated 3 years ago
• 3CORESec / Automata

  View on GitHub
  Automatic detection engineering technical state compliance
  ☆55Jul 7, 2024Updated last year
• zeek / zeek-agent-framework

  View on GitHub
  This project is no longer maintained. There's a successor at https://github.com/zeek-packages/zeek-agent-v2
  ☆14Oct 12, 2020Updated 5 years ago
• wagga40 / Mitre2Datatables

  View on GitHub
  Bring Your Own Mitre Att&ck © Matrix !
  ☆13Oct 19, 2023Updated 2 years ago
• splunk / TA-misp_es

  View on GitHub
  MISP to Splunk Enterprise Security Theat Intelligence Framework Integration
  ☆14Jul 11, 2023Updated 2 years ago
• d3sre / Use_Case_Applicability

  View on GitHub
  Security Monitoring Resolution Categories
  ☆138Nov 25, 2021Updated 4 years ago
• jallphin / spitfire

  View on GitHub
  Red Team Server (RTS)
  ☆16Mar 8, 2024Updated last year
• Truvis / Splunk_TA_Truvis_Suricata5

  View on GitHub
  This TA takes Suricata5 data from your port mirrored Suricata server and makes it readable within Splunk. See Cheatsheets on how to setup…
  ☆15Sep 5, 2020Updated 5 years ago
• safe6Sec / tp3

  View on GitHub
  tp3注入总结
  ☆19Jan 6, 2022Updated 4 years ago
• RealityNet / McAFuse

  View on GitHub
  Toolset to analyze disks encrypted with McAFee FDE technology
  ☆19Mar 11, 2021Updated 4 years ago
• cyberbutler / bash-logging-elk

  View on GitHub
  ☆19Aug 2, 2020Updated 5 years ago
• CIRCL / factual-rules-generator

  View on GitHub
  Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
  ☆75Jan 18, 2022Updated 4 years ago
• herbiezimmerman / Windows-Event-Logs-With-Event-IDs

  View on GitHub
  A running list of Windows sources and the related event ids.
  ☆19Aug 2, 2023Updated 2 years ago
• migguel0 / razorAP

  View on GitHub
  razorAP, Bash and Python tool used to generate Fake Access Points for Wi-Fi networks with 802.1X authentication.
  ☆22Sep 18, 2024Updated last year
• CiscoCXSecurity / log4j

  View on GitHub
  Detection rules to look for Log4J usage and exploitation
  ☆18Jun 21, 2025Updated 7 months ago
• NextronSystems / evtx-baseline

  View on GitHub
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆86Dec 17, 2025Updated last month
• humpalum / vscode-sigma

  View on GitHub
  ☆17Oct 13, 2025Updated 4 months ago
• corelight / CVE-2021-42292

  View on GitHub
  A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.
  ☆18Nov 11, 2021Updated 4 years ago
• daddycocoaman / volplugins

  View on GitHub
  Repository of Volatility3 plugins
  ☆22Mar 22, 2023Updated 2 years ago
• mdecrevoisier / Splunk-input-windows-baseline

  View on GitHub
  Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…
  ☆94Jun 28, 2025Updated 7 months ago
• mkorman90 / sysmon-config-bypass-finder

  View on GitHub
  Detect possible sysmon logging bypasses given a specific configuration
  ☆111Dec 26, 2018Updated 7 years ago
• blackhatethicalhacking / shad0w

  View on GitHub
  A post exploitation framework designed to operate covertly on heavily monitored environments
  ☆21Jan 5, 2021Updated 5 years ago
• J0LGER / Venom

  View on GitHub
  Venom is a collaborative C2 framework used by Red Team operators. providing an interactive Web GUI written in Python and PowerShell.
  ☆19Jul 14, 2022Updated 3 years ago
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆207Jul 21, 2022Updated 3 years ago
• guilhemmarchand / trackme

  View on GitHub
  TrackMe - Data tracking system for Splunk admins
  ☆49Feb 3, 2023Updated 3 years ago
• chainguard-dev / osquery-defense-kit

  View on GitHub
  Production-ready detection & response queries for osquery
  ☆600Aug 13, 2025Updated 6 months ago