endgameinc / eql
☆218Updated last year
Alternatives and similar repositories for eql:
Users that are interested in eql are comparing it to the libraries listed below
- ☆160Updated 4 years ago
- Parse YARA rules and operate over them more easily.☆184Updated last month
- Django web interface for managing Yara rules☆191Updated 6 years ago
- Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.☆349Updated 3 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆205Updated 4 years ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆123Updated 4 years ago
- Deception based detection techniques mapped to the MITRE’s ATT&CK framework☆289Updated 7 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆179Updated 3 years ago
- Security ML models encoded as Yara rules☆215Updated last year
- A Python library to help with some common threat hunting data analysis operations☆142Updated last year
- Sigma rules from Joe Security☆207Updated 4 months ago
- IOC from articles, tweets for archives☆313Updated last year
- A Python package to interact with the Mitre ATT&CK Framework☆475Updated last year
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆352Updated 4 years ago
- Log Entry to Sigma Rule Converter☆107Updated 3 years ago
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.☆261Updated 2 years ago
- An open source framework for enterprise level automated analysis.☆395Updated 2 years ago
- Extension to Cuckoo Sandbox open source projects, adds support to AWS cloud functionalities and enables running emulation on auto-scaling…☆136Updated 3 years ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆186Updated 3 years ago
- OASIS TC Open Repository: Non-normative schemas and examples for STIX 2☆122Updated 5 months ago
- Searches For Threat Hunting and Security Analytics☆241Updated last week
- Minimal, consistent Python API for building integrations with malware sandboxes.☆138Updated last year
- CASCADE Server☆267Updated 2 years ago
- Threat Alert Logic Repository☆92Updated 6 years ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆244Updated 3 years ago
- ☆172Updated 9 months ago
- ☆151Updated 6 years ago
- Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…☆164Updated last year
- Detecting ATT&CK techniques & tactics for Linux☆258Updated 4 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆100Updated 2 months ago