elastic / security-action-examples

Related projects: ⓘ

• elastic / ecs-mapper
  Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
  ☆54Updated 2 years ago
• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆33Updated 3 weeks ago
• HKcyberstark / wazuh-ecs
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆27Updated 4 years ago
• LetMeR00t / TA-thehive-cortex
  Technical add-on for Splunk related to TheHive/Cortex from TheHive project
  ☆47Updated 2 months ago
• wazuh / wazuh-splunk
  Wazuh - Splunk App
  ☆48Updated 10 months ago
• blookot / rsa2elk
  Converts Netwitness log parser configuration to Logstash configuration
  ☆20Updated 4 years ago
• HKcyberstark / TI_Mod
  Threat Intelligence with Elastic - Minemeld integration with Elasticsearch
  ☆19Updated 3 years ago
• splunk / contentctl
  Splunk Content Control Tool
  ☆81Updated this week
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆139Updated last year
• ExabeamLabs / Content-Library-CIM2
  ☆16Updated 2 months ago
• SanWieb / sigWah
  A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset
  ☆33Updated 4 years ago
• splunk / rba
  RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…
  ☆44Updated this week
• PaloAltoNetworks / SafeNetworking
  Read only mirror. To contribute or submit issues, please go to the website link --->
  ☆12Updated last year
• splunk / cloud-datamodel-security-research
  ☆32Updated this week
• opensearch-project / security-analytics
  Security Analytics enables users for detecting security threats on their security event log data. It will also allow them to modify/tailo…
  ☆69Updated last week
• socprime / SigmaUI
  SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)
  ☆184Updated 3 years ago
• NUKIB / misp
  Docker image for MISP
  ☆109Updated last week
• k-bailey / detection-engineering-maturity-matrix
  ☆83Updated 2 years ago
• ExabeamLabs / Content-Doc
  ☆124Updated 9 months ago
• Nclose-ZA / elastalert_hive_alerter
  This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.
  ☆27Updated 3 years ago
• Cargill / OpenSIEM-Logstash-Parsing
  SIEM Logstash parsing for more than hundred technologies
  ☆180Updated this week
• OTRF / infosec-jupyterthon
  A community event for security researchers to share their favorite notebooks
  ☆105Updated 7 months ago
• tuckner / automation-capability-matrix
  A tool that allows you to document and assess any security automation in your SOC
  ☆40Updated 4 months ago
• HASecuritySolutions / Presentations
  ☆131Updated 6 months ago
• demisto / COPS
  Collaborative Open Playbook Standard
  ☆147Updated last year
• OTRF / OSSEM-DM
  OSSEM Detection Model
  ☆166Updated last year
• Hestat / ossec-sysmon
  A Ruleset to enhance detection capabilities of Ossec using Sysmon
  ☆83Updated 2 years ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆130Updated last month
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆142Updated 7 months ago
• TheHive-Project / awesome
  A curated list of awesome things related to TheHive & Cortex
  ☆170Updated 2 years ago