elastic / detection-rules-explorer
☆20, updated this week
Alternatives and similar repositories for detection-rules-explorer
Users that are interested in detection-rules-explorer are comparing it to the libraries listed below
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆79, updated last month)
- Living off the False Positive! (☆37, updated 4 months ago)
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form (☆107, updated 6 months ago)
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. (☆36, updated 5 months ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆41, updated last month)
- Security Content for the PEAK Threat Hunting Framework (☆29, updated last year)
- (no description) (☆72, updated 8 months ago)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (☆81, updated last month)
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma… (☆16, updated 2 years ago)
- Slides of my public talks (☆55, updated last year)
- VTC - Velociraptor Timeline Creator (☆18, updated last year)
- Full of public notes and Utilities (☆117, updated 4 months ago)
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. (☆38, updated last year)
- A pySigma wrapper to manage detection rules. (☆39, updated 3 weeks ago)
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… (☆43, updated 4 years ago)
- Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help det… (☆50, updated this week)
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. (☆36, updated last week)
- (no description) (☆92, updated last month)
- Elastic Security Labs releases (☆68, updated last week)
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations (☆89, updated 10 months ago)
- Remote access and Antivirus Logging Database (☆42, updated last year)
- Hunting Queries for Defender ATP (☆82, updated 2 months ago)
- Repo for Automations and other solutions for Elastic SIEM/Security. (☆18, updated 4 years ago)
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE… (☆91, updated 2 weeks ago)
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition (☆63, updated 2 years ago)
- Kerberoast Detection Script (☆30, updated 7 months ago)
- Provides an advanced baseline to implement a secure Windows auditing strategy on Windows OS. (☆54, updated 2 weeks ago)
- Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools… (☆99, updated 3 weeks ago)
- Baseline a Windows System against LOLBAS (☆27, updated last year)
- A collection of various SIEM rules relating to malware family groups. (☆66, updated last year)