elastic / security-action-examplesLinks
This repository contains a few examples of actions that can be added to rules within Elastic Security.
☆22Updated 6 months ago
Alternatives and similar repositories for security-action-examples
Users that are interested in security-action-examples are comparing it to the libraries listed below
Sorting:
- SIEM Logstash parsing for more than hundred technologies☆186Updated 3 weeks ago
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 3 years ago
- Converts Netwitness log parser configuration to Logstash configuration☆20Updated 4 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated 3 weeks ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Updated 5 years ago
- Ansible playbook for installing MineMeld on Linux☆48Updated 4 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆153Updated 4 months ago
- ☆127Updated last year
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 5 years ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 4 years ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆189Updated 4 years ago
- Splunk Content Control Tool☆114Updated this week
- OSSEM Detection Model☆176Updated 2 years ago
- Phantom Apps Repo☆83Updated 3 years ago
- Home for Splunk security datasets.☆125Updated 5 years ago
- ☆34Updated last week
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆83Updated last year
- Contains Logstash related content including tons of Logstash configurations☆254Updated 3 years ago
- Run zeek with zeekctl in docker☆54Updated 10 months ago
- RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…☆56Updated this week
- Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.☆82Updated 3 months ago
- Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:☆116Updated last week
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 4 years ago
- ☆36Updated 3 weeks ago
- scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content☆29Updated last year
- Collaborative Open Playbook Standard☆157Updated 2 years ago
- Pulls IOCs from MISP and adds the to reference sets in QRadar☆34Updated 2 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆115Updated 3 months ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year