elastic / geneve
☆11, updated this week
Related projects:
- Mapping Corelight or Zeek data to Elastic Common Schema fields (☆33, updated 3 weeks ago)
- setup zeek, previously Bro IDS (☆17, updated last month)
- Converts Netwitness log parser configuration to Logstash configuration (☆20, updated 4 years ago)
- Zeek package for tracking long connections to report them before they have completed. (☆28, updated 2 years ago)
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash (☆54, updated 2 years ago)
- Zeek support for Community ID flow hashing. (☆32, updated last year)
- A Zeek package that detects Zoom logins and meeting joins (☆11, updated 4 years ago)
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch (☆19, updated 3 years ago)
- Connector for pulling and converting STIX information from TAXII Service Providers into CB Feeds. (☆15, updated 2 years ago)
- Specifications used in the MISP project including MISP core format (☆45, updated 2 months ago)
- ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing (☆51, updated 2 months ago)
- server for indexing and querying passive DNS observations (☆44, updated 7 months ago)
- Expandable Defensive Cyber Operations Platform (☆43, updated last year)
- My logstash plugins. Filter: sig (for security detect -> IOC, sig, New value, Reference, link, frequence, ...). Output: alert created by … (☆10, updated 5 years ago)
- This repository contains a few examples of actions that can be added to rules within Elastic Security. (☆22, updated 2 years ago)
- Firepit - STIX Columnar Storage (☆15, updated 3 months ago)
- Bro IDS + ELK Stack to detect and block data exfiltration (☆46, updated 5 years ago)
- A few quick recipes for those that do not have much time during the day (☆21, updated 3 weeks ago)
- CIFv3 DeploymentKit (☆62, updated 4 years ago)
- CyCAT.org API back-end server including crawlers (☆30, updated last year)
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat (☆27, updated 4 years ago)
- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common … (☆27, updated last month)
- intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; inclu… (☆38, updated 5 years ago)
- A search command for Splunk which will allow you to search Elastic Search and display the results in the Splunk GUI (☆67, updated 7 years ago)
- Bro Intel Feed Linter (☆26, updated 5 years ago)
- Push "BAD" IPs/Networks into QRadar's "Remote Networks", tag them properly, and use them! (☆17, updated 10 years ago)