dfir-ronin / APT-OpenIOC-Detection-Rules
This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat groups.
☆26 · Oct 3, 2023 · Updated 2 years ago
Alternatives and similar repositories for APT-OpenIOC-Detection-Rules
Users that are interested in APT-OpenIOC-Detection-Rules are comparing it to the libraries listed below
- An experimental Velociraptor implementation using cloud infrastructure · ☆26 · Dec 2, 2025 · Updated 2 months ago
- Thor Artifacts for Velociraptor · ☆19 · Dec 2, 2025 · Updated 2 months ago
- KQL Sentinel and Defender Detection and Hunting Queries. · ☆15 · Feb 4, 2026 · Updated last week
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. · ☆36 · Jul 11, 2023 · Updated 2 years ago
- Threat Detection System using Hybrid (Machine Learning + Lexical Analysis) learning Approach. · ☆11 · May 30, 2017 · Updated 8 years ago
- SIEM Cheat Sheet · ☆80 · Aug 15, 2023 · Updated 2 years ago
- A dataset containing APT group related articles and MITRE ATT&CK technique descriptions · ☆18 · Aug 14, 2019 · Updated 6 years ago
- ☆15 · Aug 29, 2025 · Updated 5 months ago
- PowerShell Memory Pulling script · ☆19 · Mar 24, 2015 · Updated 10 years ago
- Git for me to put all my forensics stuff · ☆23 · Sep 2, 2025 · Updated 5 months ago
- yara detection rules for hunting with the threathunting-keywords project · ☆157 · May 11, 2025 · Updated 9 months ago
- Threat Modeling (based on STRIDE approach) for Kubernetes systems. · ☆25 · Oct 14, 2024 · Updated last year
- Look into EDR events from network · ☆25 · Nov 20, 2025 · Updated 2 months ago
- ☆24 · Mar 12, 2025 · Updated 11 months ago
- A curated list of resources to deep dive into the intersection of applied machine learning and threat detection. · ☆19 · Sep 23, 2020 · Updated 5 years ago
- Ansible role for installing Sysmon with popular config files included. · ☆24 · Jan 8, 2023 · Updated 3 years ago
- A collection of tools, scripts and personal research · ☆155 · Feb 2, 2026 · Updated last week
- Splunk TA for sending completion requests to ChatGPT · ☆26 · May 18, 2024 · Updated last year
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… · ☆42 · Oct 10, 2024 · Updated last year
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. · ☆107 · Nov 23, 2022 · Updated 3 years ago
- ☆14 · Oct 24, 2024 · Updated last year
- My Malware Analysis Reports · ☆25 · May 24, 2022 · Updated 3 years ago
- ☆11 · Feb 9, 2023 · Updated 3 years ago
- ☆67 · Jun 20, 2023 · Updated 2 years ago
- A collection of companies that disclose adversary TTPs after they have been breached · ☆289 · Nov 11, 2025 · Updated 3 months ago
- This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports · ☆79 · Jan 26, 2026 · Updated 2 weeks ago
- TTPMapper is an AI-driven threat intelligence parser that converts unstructured reports whether from web URLs or PDF files into structure… · ☆49 · Jun 21, 2025 · Updated 7 months ago
- The Enhanced MITRE ATT&CK® Coverage Tracker is an Excel tool for SOCs to measure and improve detection coverage of cyber threats. It simp… · ☆34 · Nov 13, 2025 · Updated 3 months ago
- A repository to share publicly available Velociraptor detection content · ☆196 · Updated this week
- Repository of SentinelOne Deep Visibility queries. · ☆135 · Jun 30, 2021 · Updated 4 years ago
- 🛡️ SIGMA Detection Engineering Platform A comprehensive AI-powered detection engineering platform for security teams to explore MITRE AT… · ☆46 · Jun 28, 2025 · Updated 7 months ago
- Insider threat detection with heterogeneous graph in CERT dataset. · ☆27 · Dec 21, 2021 · Updated 4 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection · ☆32 · Oct 7, 2020 · Updated 5 years ago
- A collection of searches, interesting events and tables on Crowdstrike Splunk. · ☆30 · Mar 2, 2021 · Updated 4 years ago
- One Day of Python for SaintCon 2022 · ☆11 · Jan 3, 2023 · Updated 3 years ago
- ☆73 · Oct 21, 2024 · Updated last year
- Labs for Threat Modelling training delivered by ControlPlane · ☆35 · Apr 24, 2024 · Updated last year
- Detect-X Automated Threat Detection by AI · ☆32 · Oct 10, 2019 · Updated 6 years ago
- C# Desktop GUI application that either performs YARA scan locally or prepares the scan in Active Directory domain environment with a few … · ☆36 · Dec 1, 2021 · Updated 4 years ago