elastic/security-action-examples external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

elastic/security-action-examples

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/elastic/security-action-examples)

Close

elastic / security-action-examplesView on GitHubMore

• External links
• Readme badge

This repository contains a few examples of actions that can be added to rules within Elastic Security.

☆24Feb 6, 2025Updated last year

Alternatives and similar repositories for security-action-examples

Users that are interested in security-action-examples are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ElasticSA / elsec_dr2an

  View on GitHub
  Script to create MITRE ATT&CK Navigator layers from the annotated detection rules in Elastic Security (Kibana).
  ☆20Jul 1, 2023Updated 2 years ago
• elastic / ecs-mapper

  View on GitHub
  Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
  ☆53Mar 9, 2022Updated 4 years ago
• elastic / cortado

  View on GitHub
  ☆27May 7, 2026Updated last week
• blookot / rsa2elk

  View on GitHub
  Converts Netwitness log parser configuration to Logstash configuration
  ☆20Sep 10, 2020Updated 5 years ago
• aacgood / Cortex-Analyzers

  View on GitHub
  A collection of Cortex Analyzers and Responders for TheHive/Cortex
  ☆13Jan 29, 2020Updated 6 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• emulation-plans / emulation-plans

  View on GitHub
  A list of Mitre Caldera compatible emulation-plans
  ☆14Feb 1, 2021Updated 5 years ago
• elastic / workflows

  View on GitHub
  ☆48Apr 4, 2026Updated last month
• Nclose-ZA / elastalert_hive_alerter

  View on GitHub
  This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.
  ☆26May 18, 2021Updated 5 years ago
• theY4Kman / parsuricata

  View on GitHub
  Parse Suricata rules
  ☆14Aug 1, 2023Updated 2 years ago
• WuerthPhoenix / safed

  View on GitHub
  Safed for Linux
  ☆14Jul 5, 2019Updated 6 years ago
• corelight / ecs-mapping

  View on GitHub
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆33Apr 24, 2026Updated 3 weeks ago
• ipworkx / ecs-suricata

  View on GitHub
  ☆12Apr 23, 2020Updated 6 years ago
• molu8bits / squid-filebeat-kibana

  View on GitHub
  Filebeat module for Squid access.log + Kibana dashboards. ELK 7.x
  ☆17Sep 19, 2020Updated 5 years ago
• blookot / elastic-releases

  View on GitHub
  Listing releases of the Elastic stack with new features and references
  ☆19May 7, 2026Updated last week
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• elastic / genai-workshop-colab

  View on GitHub
  Elastic GenAI Workshop (Colab)
  ☆12Feb 6, 2025Updated last year
• zampat / neteye4

  View on GitHub
  NetEye 4 community repository to share monitoring templates, Plugin scripts and instructions to enhance some NetEye modules in an guided …
  ☆18Dec 17, 2025Updated 5 months ago
• zeek / zeek-training

  View on GitHub
  Zeek Training Materials/Products
  ☆44Apr 21, 2026Updated 3 weeks ago
• elastic / synthetics-recorder

  View on GitHub
  ☆32Apr 30, 2026Updated 2 weeks ago
• j91321 / ansible-role-auditbeat

  View on GitHub
  Ansible role to install auditbeat for security monitoring. (Ruleset included)
  ☆15Nov 16, 2023Updated 2 years ago
• elastic / ecs-logging-go-zerolog

  View on GitHub
  Elastic Common Schema (ECS) support for zerolog
  ☆11Apr 21, 2026Updated 3 weeks ago
• runtimeverification / k-editor-support

  View on GitHub
  Plugin files for editing K files
  ☆12Aug 20, 2024Updated last year
• HKcyberstark / TI_Mod

  View on GitHub
  Threat Intelligence with Elastic - Minemeld integration with Elasticsearch
  ☆19May 11, 2021Updated 5 years ago
• PaloAltoNetworks / minemeld-ansible

  View on GitHub
  Ansible playbook for installing MineMeld on Linux
  ☆47Mar 18, 2021Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• SimoneCagol / sigma-rules-crawler

  View on GitHub
  ☆34Oct 16, 2025Updated 7 months ago
• Zimbra / elastic-stack

  View on GitHub
  A guide on using Zimbra with Elastic Stack using centralized logging
  ☆27Apr 26, 2023Updated 3 years ago
• frikky / WALKOFF

  View on GitHub
  A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, t…
  ☆12Nov 23, 2022Updated 3 years ago
• elastiflow / elastiflow_for_elasticsearch

  View on GitHub
  A solution for using the ElastiFlow Unified Collector with the Elastic Stack (Elasticsearch and Kibana).
  ☆26Nov 10, 2025Updated 6 months ago
• davidrecordon / terraform-aws-kolide-fleet

  View on GitHub
  Deploy Kolide's Fleet into AWS using Terraform.
  ☆16Apr 18, 2018Updated 8 years ago
• ExamProCo / gen-ai-training-day-workshops

  View on GitHub
  This repo contains the workshops for the GenAI Training Day.
  ☆15Nov 15, 2024Updated last year
• jhrozek / pam_hbac

  View on GitHub
  A simple pam account module to process HBAC rules stored on an IPA server
  ☆10May 14, 2018Updated 8 years ago
• jonny-jhnson / Automated-Detection-Pipeline

  View on GitHub
  ☆16Dec 16, 2020Updated 5 years ago
• amthiam / Gestion_Stocks

  View on GitHub
  Logiciel de gestion de stock
  ☆25Oct 11, 2023Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• shellygr / ECFChecker

  View on GitHub
  A dynamic checker for the ECF property incorporated into geth
  ☆15Oct 27, 2017Updated 8 years ago
• randerzander / docker-ambari

  View on GitHub
  Dockerfile and artifacts for running a self-contained HDP 2.3 "cluster" in a docker container
  ☆10Aug 30, 2016Updated 9 years ago
• akky2892 / Cyber-Threat-Hunting

  View on GitHub
  Information about most important hunts which can be performed by Threat hunters while searching for any adversary/threats inside the orga…
  ☆15May 18, 2019Updated 7 years ago
• HKcyberstark / wazuh-ecs

  View on GitHub
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆28Jul 21, 2020Updated 5 years ago
• elastic / faker-datasets

  View on GitHub
  Faker provider that loads data from your datasets
  ☆19Nov 18, 2025Updated 6 months ago
• ninoseki / kibune

  View on GitHub
  A Sigma based detection pipeline
  ☆12Dec 15, 2023Updated 2 years ago
• dimovnike / alpine-openvpn

  View on GitHub
  Openvpn client in a docker container.
  ☆11Nov 5, 2024Updated last year