elastic / security-action-examples
This repository contains a few examples of actions that can be added to rules within Elastic Security.
☆22Updated last month
Alternatives and similar repositories for security-action-examples:
Users that are interested in security-action-examples are comparing it to the libraries listed below
- Converts Netwitness log parser configuration to Logstash configuration☆20Updated 4 years ago
- SIEM Logstash parsing for more than hundred technologies☆183Updated this week
- SIEGMA - Transform Sigma rules into SIEM consumables☆149Updated last week
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 3 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- Wazuh - Splunk App☆52Updated 6 months ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated last month
- ☆93Updated 2 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- Splunk Content Control Tool☆107Updated this week
- RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…☆52Updated this week
- ☆125Updated last year
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆80Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files.☆109Updated 2 months ago
- Open source endpoint agent providing host information to Zeek. [v2]☆77Updated 5 months ago
- The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…☆142Updated 6 months ago
- A tool that allows you to document and assess any security automation in your SOC☆46Updated 4 months ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 3 years ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆161Updated 2 weeks ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆185Updated 3 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆273Updated last year
- Docker image for MISP☆123Updated 2 months ago
- Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:☆108Updated this week
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.☆144Updated last month
- OSSEM Detection Model☆177Updated 2 years ago
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- The Infosec Community Definitive Guide to Jupyter Notebooks☆121Updated 4 years ago
- A curated list of awesome things related to TheHive & Cortex☆177Updated 3 years ago
- The Sigma command line interface based on pySigma☆147Updated 3 weeks ago
- A Ruleset to enhance detection capabilities of Ossec using Sysmon☆91Updated 2 years ago