elastic / ecs-mapper
Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
☆54Updated 3 years ago
Alternatives and similar repositories for ecs-mapper:
Users that are interested in ecs-mapper are comparing it to the libraries listed below
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- This repository contains a few examples of actions that can be added to rules within Elastic Security.☆22Updated last month
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 3 years ago
- Contains Logstash related content including tons of Logstash configurations☆253Updated 3 years ago
- SIEM Logstash parsing for more than hundred technologies☆183Updated this week
- Documentation of Cortex☆174Updated last year
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆185Updated 3 years ago
- Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing☆105Updated last year
- Converts Netwitness log parser configuration to Logstash configuration☆20Updated 4 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated last month
- Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform☆71Updated last year
- SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…☆94Updated 2 years ago
- Swagger/ OpenAPI specifications for security products and services☆75Updated 3 weeks ago
- OASIS TC Open Repository: TAXII 2 Client Library Written in Python☆113Updated 11 months ago
- TAXII client implementation from EclecticIQ☆99Updated 3 years ago
- Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing☆175Updated 4 years ago
- Wazuh - Splunk App☆52Updated 6 months ago
- Cisco eStreamer client☆24Updated 2 years ago
- A search command for Splunk which will allow you to search Elastic Search and display the results in the Splunk GUI☆68Updated 7 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆149Updated last week
- WebUI of MineMeld☆43Updated 2 years ago
- Phantom Apps Repo☆82Updated 3 years ago
- Threat Feed Aggregation, Made Easy☆167Updated 4 years ago
- Python API Client for TheHive☆221Updated 2 weeks ago
- Engine of MineMeld☆141Updated 2 years ago
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Updated 5 years ago
- Cyber Defence Monitoring Course Suite :: Suricata, Arkime (and others in the past)☆102Updated 9 months ago
- A utility repo to assist with converting between MISP and STIX formats☆67Updated 4 years ago
- Collaborative Open Playbook Standard☆154Updated last year