elastic / security-action-examples
This repository contains a few examples of actions that can be added to rules within Elastic Security.
☆22Updated last month
Alternatives and similar repositories for security-action-examples:
Users that are interested in security-action-examples are comparing it to the libraries listed below
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated last month
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 3 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- SIEGMA - Transform Sigma rules into SIEM consumables☆149Updated this week
- Splunk Content Control Tool☆107Updated this week
- Converts Netwitness log parser configuration to Logstash configuration☆20Updated 4 years ago
- Wazuh - Splunk App☆52Updated 5 months ago
- RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…☆51Updated 3 months ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆109Updated 2 months ago
- ☆93Updated 2 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- SIEM Logstash parsing for more than hundred technologies☆183Updated 3 weeks ago
- OSSEM Detection Model☆176Updated 2 years ago
- The Sigma command line interface based on pySigma☆146Updated 2 weeks ago
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆80Updated last year
- ☆124Updated last year
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 3 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆109Updated 4 years ago
- Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:☆107Updated 2 weeks ago
- The Infosec Community Definitive Guide to Jupyter Notebooks☆121Updated 4 years ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 3 years ago
- OSSEM Data Dictionaries☆59Updated last month
- ☆21Updated this week
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- Splunk Admins application to assist with troubleshooting Splunk enterprise installations☆94Updated 3 weeks ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆273Updated last year
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Updated 5 years ago
- Data validator agains Splunk Common Information Model (CIM)☆75Updated 11 months ago
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset☆33Updated 4 years ago
- Convert Sigma rules to Wazuh rules☆63Updated 11 months ago