Alternatives and similar repositories for securitylabs-thrunting-tools

Users that are interested in securitylabs-thrunting-tools are comparing it to the libraries listed below

• OTRF / OSSEM-DD
  OSSEM Data Dictionaries
  ☆65Updated last year
• Beercow / SEPparser
  Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
  ☆64Updated 3 years ago
• certeu / droid
  A pySigma wrapper to manage detection rules.
  ☆44Updated 2 weeks ago
• siriussecurity / dettectinator
  Dettectinator - The Python library to your DeTT&CT YAML files.
  ☆119Updated 3 weeks ago
• APTA-Technologies / APTAAnomaly
  Windows event log anomaly detection powered by ATPA technologies
  ☆26Updated 3 years ago
• microsoft / MSTIC-Sysmon
  Anything Sysmon related from the MSTIC R&D team
  ☆156Updated last year
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆86Updated last month
• Neo23x0 / yaraQA
  YARA rule analyzer to improve rule quality and performance
  ☆111Updated 3 weeks ago
• splunk / salo
  Synthetic Adversarial Log Objects: A Framework for synthentic log generation
  ☆85Updated 2 years ago
• splunk / attack-detections-collector
  Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
  ☆69Updated last year
• opencybersecurityalliance / oca-iob
  Augmentation to Machine Readable CTI
  ☆37Updated 5 months ago
• center-for-threat-informed-defense / summiting-the-pyramid
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆55Updated last week
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆159Updated 11 months ago
• SigmaHQ / pySigma-backend-splunk
  pySigma Splunk backend
  ☆41Updated this week
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆55Updated 2 years ago
• harelsegev / INDXRipper
  Carve file metadata from NTFS index ($I30) attributes
  ☆71Updated 2 years ago
• Kirtar22 / ThreatHunting_with_Osquery
  Threat Hunting & Incident Investigation with Osquery
  ☆216Updated 3 years ago
• OTRF / infosec-jupyterthon
  A community event for security researchers to share their favorite notebooks
  ☆108Updated last year
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆167Updated this week
• thremulation-station / thremulation-station
  Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
  ☆39Updated last month
• ReconInfoSec / velociraptor-to-timesketch
  ☆14Updated last year
• OTRF / infosec-jupyter-book
  The Infosec Community Definitive Guide to Jupyter Notebooks
  ☆131Updated 5 years ago
• ashwin-patil / threat-hunting-with-notebooks
  Repository with Sample threat hunting notebooks on Security Event Log Data Sources
  ☆69Updated 3 years ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆94Updated 4 years ago
• inodee / spl-to-kql
  The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…
  ☆44Updated 5 years ago
• 00010111 / smbtimeline
  ☆35Updated last year
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆176Updated last month
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆128Updated 4 years ago
• blueteam0ps / AllthingsTimesketch
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆118Updated 2 years ago
• BinaryDefense / ThreatHuntingJupyterNotebooks
  ☆65Updated 3 years ago