dgunter / evtxtoelkLinks
A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
☆117Updated 4 years ago
Alternatives and similar repositories for evtxtoelk
Users that are interested in evtxtoelk are comparing it to the libraries listed below
Sorting:
- Threat Alert Logic Repository☆92Updated 6 years ago
- This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…☆62Updated last year
- ☆164Updated 4 years ago
- Invoke-LiveResponse☆149Updated 3 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs☆81Updated 3 years ago
- ☆116Updated last year
- Log Entry to Sigma Rule Converter☆108Updated 3 years ago
- Detecting Lateral Movement with Machine Learning☆138Updated 7 years ago
- Collecting & Hunting for IOCs with gusto and style☆241Updated 4 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆180Updated 4 years ago
- SEC599 supporting GitHub repository☆16Updated 5 years ago
- Automated Use Case Testing☆167Updated 7 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆195Updated 4 months ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- An Inofficial Sysmon Version History (Change Log)☆33Updated 4 years ago
- Django web interface for managing Yara rules☆193Updated 7 years ago
- Primary data pipelines for intrusion detection, security analytics and threat hunting☆87Updated 3 years ago
- Test Blue Team detections without running any attack.☆271Updated last year
- A Splunk app to use MISP in background☆111Updated 2 months ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆87Updated 2 years ago
- A Splunk app with saved reports derived from Sigma rules☆73Updated 7 years ago
- Searches For Threat Hunting and Security Analytics☆241Updated 4 months ago
- FRAC and RIFT☆17Updated 6 years ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository.☆110Updated 5 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…☆122Updated 4 years ago
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- Sigma Detection Rule Repository☆89Updated 5 years ago
- A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files…☆73Updated 3 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆121Updated 4 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆84Updated 4 years ago