endgameinc / eql
☆219Updated last year
Alternatives and similar repositories for eql:
Users that are interested in eql are comparing it to the libraries listed below
- ☆164Updated 4 years ago
- A Python library to help with some common threat hunting data analysis operations☆142Updated 2 years ago
- Django web interface for managing Yara rules☆192Updated 6 years ago
- Parse YARA rules and operate over them more easily.☆187Updated 2 months ago
- Security ML models encoded as Yara rules☆214Updated last year
- Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.☆349Updated 3 years ago
- Log Entry to Sigma Rule Converter☆107Updated 3 years ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆123Updated 4 years ago
- IOC from articles, tweets for archives☆313Updated last year
- Extension to Cuckoo Sandbox open source projects, adds support to AWS cloud functionalities and enables running emulation on auto-scaling…☆136Updated 3 years ago
- ☆172Updated 10 months ago
- Deception based detection techniques mapped to the MITRE’s ATT&CK framework☆289Updated 7 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆205Updated 4 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆179Updated 3 years ago
- A Python package to interact with the Mitre ATT&CK Framework☆477Updated last year
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆100Updated 3 months ago
- Sigma rules from Joe Security☆209Updated 5 months ago
- Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…☆164Updated last year
- Automatically create YARA rules from malicious documents.☆211Updated 2 years ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)☆187Updated 3 years ago
- ☆129Updated 3 years ago
- Open-source framework to detect outliers in Elasticsearch events☆209Updated last year
- ☆125Updated last year
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.☆261Updated 2 years ago
- Searches For Threat Hunting and Security Analytics☆241Updated last month
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆352Updated 4 years ago
- Threat Alert Logic Repository☆92Updated 6 years ago
- Main Build directory☆179Updated 5 years ago
- Golang library that implements a sigma log rule parser and match engine.☆95Updated 9 months ago
- ☆151Updated 6 years ago