elastic / security-action-examples
This repository contains a few examples of actions that can be added to rules within Elastic Security.
☆22Updated 2 years ago
Related projects: ⓘ
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 2 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆33Updated 3 weeks ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆47Updated 2 months ago
- Wazuh - Splunk App☆48Updated 10 months ago
- Converts Netwitness log parser configuration to Logstash configuration☆20Updated 4 years ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 3 years ago
- Splunk Content Control Tool☆81Updated this week
- SIEGMA - Transform Sigma rules into SIEM consumables☆139Updated last year
- ☆16Updated 2 months ago
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset☆33Updated 4 years ago
- RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high…☆44Updated this week
- Read only mirror. To contribute or submit issues, please go to the website link --->☆12Updated last year
- ☆32Updated this week
- Security Analytics enables users for detecting security threats on their security event log data. It will also allow them to modify/tailo…☆69Updated last week
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆184Updated 3 years ago
- Docker image for MISP☆109Updated last week
- ☆83Updated 2 years ago
- ☆124Updated 9 months ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆27Updated 3 years ago
- SIEM Logstash parsing for more than hundred technologies☆180Updated this week
- A community event for security researchers to share their favorite notebooks☆105Updated 7 months ago
- A tool that allows you to document and assess any security automation in your SOC☆40Updated 4 months ago
- ☆131Updated 6 months ago
- Collaborative Open Playbook Standard☆147Updated last year
- OSSEM Detection Model☆166Updated last year
- A Ruleset to enhance detection capabilities of Ossec using Sysmon☆83Updated 2 years ago
- The Sigma command line interface based on pySigma☆130Updated last month
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆142Updated 7 months ago
- A curated list of awesome things related to TheHive & Cortex☆170Updated 2 years ago