endgameinc / eql
☆218Updated last year
Alternatives and similar repositories for eql:
Users that are interested in eql are comparing it to the libraries listed below
- ☆159Updated 4 years ago
- Django web interface for managing Yara rules☆190Updated 6 years ago
- A Python library to help with some common threat hunting data analysis operations☆140Updated last year
- Deception based detection techniques mapped to the MITRE’s ATT&CK framework☆288Updated 7 years ago
- Sigma rules from Joe Security☆205Updated 2 months ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆204Updated 4 years ago
- Log Entry to Sigma Rule Converter☆107Updated 2 years ago
- Parse YARA rules and operate over them more easily.☆179Updated this week
- IOC from articles, tweets for archives☆312Updated last year
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆123Updated 4 years ago
- ☆169Updated 7 months ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆179Updated 3 years ago
- Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.☆347Updated 3 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆97Updated 2 weeks ago
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.☆261Updated last year
- Mapping NSM rules to MITRE ATT&CK☆68Updated 4 years ago
- Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…☆163Updated last year
- ☆150Updated 6 years ago
- Minimal, consistent Python API for building integrations with malware sandboxes.☆137Updated 11 months ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆350Updated 4 years ago
- A Python package to interact with the Mitre ATT&CK Framework☆472Updated last year
- ☆123Updated last year
- Open-source framework to detect outliers in Elasticsearch events☆207Updated last year
- Extension to Cuckoo Sandbox open source projects, adds support to AWS cloud functionalities and enables running emulation on auto-scaling…☆136Updated 2 years ago
- CASCADE Server☆265Updated 2 years ago
- Detecting ATT&CK techniques & tactics for Linux☆258Updated 4 years ago
- Threat Alert Logic Repository☆91Updated 5 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…☆121Updated 3 years ago
- Automatically create YARA rules from malicious documents.☆208Updated 2 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆369Updated 2 years ago