ethansilvas / splunk-logs-and-investigations
Investigating attacks using Splunk Enterprise logs and creating SPL intrusion detection searches based on known attacker TTPs and anomaly behavior derived from statistical baselines
☆15Updated 11 months ago
Related projects ⓘ
Alternatives and complementary repositories for splunk-logs-and-investigations
- ☆157Updated 8 months ago
- ☆32Updated 2 weeks ago
- SIEM Cheat Sheet☆72Updated last year
- Some important DFIR Resources☆82Updated last year
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆148Updated 5 months ago
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.☆129Updated last week
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆157Updated this week
- Playbooks for SOC Analysts☆143Updated last year
- Hands-on cybersecurity projects to enhance skills in phishing investigation, malware analysis, network intrusion detection, and DDoS atta…☆86Updated 5 months ago
- ThreatSeeker: Threat Hunting via Windows Event Logs☆114Updated last year
- Some Threat Hunting queries useful for blue teamers☆123Updated 2 years ago
- Welcome to Project KillChain, a comprehensive GitHub repository for Red and Blue Teams. This repository houses tools, scripts, technique…☆97Updated 2 months ago
- ☆42Updated last month
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.☆165Updated 4 months ago
- Resources To Learn And Understand SIGMA Rules☆167Updated last year
- A collection of various SIEM rules relating to malware family groups.☆61Updated 4 months ago
- A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense☆74Updated 11 months ago
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆183Updated 4 months ago
- A collection of companies that disclose adversary TTPs after they have been breached☆240Updated 6 months ago
- CarbonBlack EDR detection rules and response actions☆71Updated 2 months ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor…☆202Updated last year
- Advanced Bash script designed for conducting digital forensics on Linux systems☆131Updated 7 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…☆23Updated 2 months ago
- MISP Playbooks☆174Updated 3 weeks ago
- ☆24Updated last year
- ☆128Updated last year
- AHHHZURE is an automated deployment script that creates a vulnerable Azure cloud lab for offensive security practitioners and enthusiasts…☆101Updated 6 months ago
- ☆42Updated last year
- Harness the power of Splunk for your investigations☆76Updated 2 weeks ago
- MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository☆108Updated last year