Alternatives and similar repositories for security-action-examples:

Users that are interested in security-action-examples are comparing it to the libraries listed below

• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated this week
• elastic / ecs-mapper
  Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
  ☆54Updated 3 years ago
• LetMeR00t / TA-thehive-cortex
  Technical add-on for Splunk related to TheHive/Cortex from TheHive project
  ☆53Updated this week
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆149Updated last month
• HKcyberstark / TI_Mod
  Threat Intelligence with Elastic - Minemeld integration with Elasticsearch
  ☆19Updated 3 years ago
• Shuffle / python-apps
  Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
  ☆109Updated 3 weeks ago
• HKcyberstark / wazuh-ecs
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆27Updated 4 years ago
• socprime / SigmaUI
  SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)
  ☆187Updated 3 years ago
• k-bailey / detection-engineering-maturity-matrix
  ☆93Updated 2 years ago
• blookot / rsa2elk
  Converts Netwitness log parser configuration to Logstash configuration
  ☆20Updated 4 years ago
• ExabeamLabs / Content-Doc
  ☆125Updated last year
• OTRF / infosec-jupyterthon
  A community event for security researchers to share their favorite notebooks
  ☆107Updated last year
• OTRF / OSSEM-DM
  OSSEM Detection Model
  ☆177Updated 2 years ago
• siriussecurity / dettectinator
  Dettectinator - The Python library to your DeTT&CT YAML files.
  ☆111Updated 2 weeks ago
• michaelhidalgo / attack-to-elk
  This program exports MITRE ATT&CK framework in ELK dashboard
  ☆78Updated 2 years ago
• Cargill / OpenSIEM-Logstash-Parsing
  SIEM Logstash parsing for more than hundred technologies
  ☆184Updated last week
• tuckner / automation-capability-matrix
  A tool that allows you to document and assess any security automation in your SOC
  ☆46Updated 5 months ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆151Updated last week
• OTRF / OSSEM-DD
  OSSEM Data Dictionaries
  ☆59Updated 3 months ago
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆162Updated last month
• Intellisec-Solutions / Sentinel2D3FEND
  This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense…
  ☆71Updated 3 years ago
• splunk / salo
  Synthetic Adversarial Log Objects: A Framework for synthentic log generation
  ☆81Updated last year
• aacgood / Cortex-Analyzers
  A collection of Cortex Analyzers and Responders for TheHive/Cortex
  ☆13Updated 5 years ago
• splunk / contentctl
  Splunk Content Control Tool
  ☆111Updated this week
• Loginsoft-LLC / threat-detection-rules
  Threat Detection & Anomaly Detection rules for popular open-source components
  ☆51Updated 2 years ago
• socprime / soc_workflow_app_ce
  SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…
  ☆94Updated 2 years ago
• west-wind / Threat-Hunting-With-Splunk
  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
  ☆61Updated 11 months ago
• P4T12ICK / Sigma-Hunting-App
  A Splunk App containing Sigma detection rules, which can be updated from a Git repository.
  ☆108Updated 5 years ago
• splunk / rba
  RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…
  ☆53Updated last month
• P4T12ICK / Sigma2SplunkAlert
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆111Updated 4 years ago