frack113 / sigma_redcanarycoView external linksLinks
Knowing which rule should trigger according to the redcannary test
☆11Nov 23, 2024Updated last year
Alternatives and similar repositories for sigma_redcanaryco
Users that are interested in sigma_redcanaryco are comparing it to the libraries listed below
Sorting:
- Bring Your Own Mitre Att&ck © Matrix !☆13Oct 19, 2023Updated 2 years ago
- simple webapp for converting sigma rules into siem queries using the pySigma library☆52Sep 1, 2023Updated 2 years ago
- Menu for Thor scanner lite☆20Oct 24, 2025Updated 3 months ago
- Sigma rules converted for direct use with Zircolite☆14Updated this week
- ☆13Feb 6, 2018Updated 8 years ago
- MISP to Splunk Enterprise Security Theat Intelligence Framework Integration☆14Jul 11, 2023Updated 2 years ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆32Mar 9, 2022Updated 3 years ago
- Volatility, on Docker 🐳☆41Nov 20, 2025Updated 2 months ago
- Detection Rule License (DRL)☆21Dec 27, 2024Updated last year
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated last month
- ☆42Sep 16, 2022Updated 3 years ago
- ☆17Oct 13, 2025Updated 4 months ago
- Scripts and lists to help generate YARA friendly string mutations☆22Apr 9, 2023Updated 2 years ago
- Look into EDR events from network☆25Nov 20, 2025Updated 2 months ago
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing☆25May 29, 2023Updated 2 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆58Mar 2, 2025Updated 11 months ago
- Tools for inspecting YARA bytecode☆21Jul 1, 2020Updated 5 years ago
- THOR Thunderstorm Collectors☆25Updated this week
- QRadar Export the rule set for printing☆23Oct 23, 2017Updated 8 years ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)☆24Mar 3, 2023Updated 2 years ago
- Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht…☆24Jun 20, 2023Updated 2 years ago
- Offensive Research Guide to Help Defense Improve Detection☆32Jan 27, 2023Updated 3 years ago
- ☆32Oct 16, 2025Updated 3 months ago
- Explore the GOAD Active Directory lab in 5 minutes with Adalanche☆42Jan 10, 2025Updated last year
- This Repository Talks about the Follina MSDT from Defender Perspective☆38Jun 2, 2022Updated 3 years ago
- pySigma Splunk backend☆41Updated this week
- The Sigma command line interface based on pySigma☆176Feb 5, 2026Updated last week
- The Project can be used to integrate QRadar with MISP Threat Sharing Platform☆40May 18, 2022Updated 3 years ago
- MISP to Microsoft Defender integration☆16Feb 6, 2026Updated last week
- ☆11Apr 25, 2021Updated 4 years ago
- Validates yara rules and tries to repair the broken ones.☆41Sep 5, 2020Updated 5 years ago
- ☆43Apr 18, 2023Updated 2 years ago
- ☆46Jun 1, 2023Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆196Updated this week
- An open-source computer forensics tool that can display summary as the result of Windows Event Log analysis based on the chosen function(…☆11Feb 2, 2023Updated 3 years ago
- ☆12Feb 24, 2023Updated 2 years ago
- ☆10Jan 22, 2025Updated last year
- Threat Intel and Incident Reponse☆10Aug 29, 2018Updated 7 years ago
- Postfix Add-on for Splunk (Compliant with the Mail CIM model)☆11Mar 18, 2021Updated 4 years ago