Alternatives and similar repositories for cortex-xdr-client

Users that are interested in cortex-xdr-client are comparing it to the libraries listed below

• chronicle / GCTI
  ☆553Updated 2 years ago
• zeronetworks / ldapfw
  Protect your Domain Controllers by auditing and restricting LDAP requests
  ☆177Updated 8 months ago
• Securonix / AutonomousThreatSweeper
  Threat Hunting queries for various attacks
  ☆244Updated 2 weeks ago
• Yamato-Security / hayabusa-rules
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
  ☆213Updated last week
• MazX0p / ThreatHound
  ☆160Updated 2 years ago
• whikernel / evtx2splunk
  Evtx to Splunk ingestor
  ☆15Updated 3 years ago
• center-for-threat-informed-defense / insider-threat-ttp-kb
  The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…
  ☆147Updated 6 months ago
• microsoft / MSTIC-Sysmon
  Anything Sysmon related from the MSTIC R&D team
  ☆156Updated last year
• wietze / windows-command-line-obfuscation
  Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.
  ☆182Updated last year
• joeavanzato / RetrievIR
  PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
  ☆109Updated last year
• OTRF / OSSEM-DM
  OSSEM Detection Model
  ☆182Updated 3 years ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆174Updated 3 weeks ago
• op7ic / EDR-Testing-Script
  Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…
  ☆312Updated 4 years ago
• ait-testbed / attackmate
  AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
  ☆43Updated last week
• sublime-security / sublime-rules
  Sublime rules for email attack detection, prevention, and threat hunting.
  ☆342Updated last week
• drb-ra / C2IntelFeeds
  Automatically created C2 Feeds
  ☆660Updated last week
• mdecrevoisier / Splunk-input-windows-baseline
  Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…
  ☆94Updated 7 months ago
• redcanaryco / AtomicTestHarnesses
  Public Repo for Atomic Test Harness
  ☆283Updated 9 months ago
• netwrix / PingCastleCloud
  Audit program for AzureAD
  ☆150Updated 2 years ago
• mthcht / ThreatHunting-Keywords-yara-rules
  yara detection rules for hunting with the threathunting-keywords project
  ☆157Updated 8 months ago
• NextronSystems / ransomware-simulator
  Ransomware simulator written in Golang
  ☆470Updated 3 years ago
• jonny-jhnson / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆342Updated 2 years ago
• center-for-threat-informed-defense / top-attack-techniques
  Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t…
  ☆121Updated 8 months ago
• fox-it / cobaltstrike-beacon-data
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Updated 3 years ago
• CrowdStrike / OWASSRF
  ☆14Updated 3 years ago
• vectra-ai-research / MAAD-AF
  MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
  ☆412Updated 2 weeks ago
• maddev-engenuity / AdversaryEmulation
  MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository
  ☆127Updated 2 years ago
• Neo23x0 / Loki-RS
  🐍 High-performance, multi-threaded YARA & IOC scanner
  ☆236Updated last week
• MHaggis / ADTrapper
  Hunt Smarter, Hunt Harder
  ☆115Updated 2 weeks ago
• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆185Updated 7 months ago