Maps process creation logged by Sysmon uses Google Org Chart API
☆23Mar 5, 2016Updated 10 years ago
Alternatives and similar repositories for SysmonMapper
Users that are interested in SysmonMapper are comparing it to the libraries listed below
Sorting:
- Some IR notes☆17Jul 2, 2016Updated 9 years ago
- Script for auditing whitelist and finding fronted domains and loosely typed regular expressions.☆13Dec 25, 2017Updated 8 years ago
- Splunk TA for alert action to TheHive-project☆11May 13, 2020Updated 5 years ago
- PowerShell No Agent Hunting☆111Apr 23, 2018Updated 7 years ago
- PowerShell module with improved Active Directory cmdlets☆30Jan 24, 2017Updated 9 years ago
- ☆13Feb 6, 2018Updated 8 years ago
- ☆15Jan 10, 2019Updated 7 years ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- Multiple rules for yara-project for detect compiler/packer/protector☆33Dec 24, 2019Updated 6 years ago
- Windows Drivers☆100Apr 6, 2019Updated 6 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files.☆215Mar 29, 2021Updated 4 years ago
- Find permanent WMI event consumers on endpoints that could be used by APT actors.☆17Jun 15, 2016Updated 9 years ago
- ☆82Jul 5, 2016Updated 9 years ago
- Various scripts to help you out. Mostly very scrappy, but functional. I realise Write-Host is not the way to do things, but I wrote som…☆27May 13, 2022Updated 3 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Mar 7, 2017Updated 9 years ago
- Windows Trollware and Persistence Script☆13Sep 16, 2015Updated 10 years ago
- Finds dynamic DNS (like no-ip.org) domains from a given list of domains☆14Sep 17, 2015Updated 10 years ago
- Machine Interrogation To Identify Gaps & Techniques for Execution☆33Jul 12, 2022Updated 3 years ago
- B-Sides CBR 2018 talk about group policy and Grouper☆38May 3, 2019Updated 6 years ago
- SQL scripts for querying event logs☆21Jul 12, 2017Updated 8 years ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Jul 13, 2018Updated 7 years ago
- Why hunt when you can seine?☆21May 12, 2015Updated 10 years ago
- Powershell Functions to interact with TheHive-Project☆11Jun 27, 2019Updated 6 years ago
- irCRpull is a PowerShell script utilized to pull several system artifacts, utilizing the free tool CrowdResponse, from a live Win7+ syste…☆14Mar 25, 2015Updated 10 years ago
- Script to enabled DNS Debug Logging across Domain Controllers in a Forest and then retrieve for analysis☆14May 27, 2016Updated 9 years ago
- Repository for all cbapi example scripts☆16Sep 18, 2018Updated 7 years ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …☆822Nov 5, 2023Updated 2 years ago
- IDATACO IDA Pro Plugin☆46Jun 14, 2016Updated 9 years ago
- CCK2☆46Jan 9, 2020Updated 6 years ago
- Reconstruct process trees from event logs☆147Aug 12, 2020Updated 5 years ago
- Parses for Google Analytic values in raw files like RAM, DD images etc.☆18Apr 17, 2016Updated 9 years ago
- Indexed search and clustering tool for digital forensics☆26Nov 5, 2014Updated 11 years ago
- Discover potential timestamps within the Windows Registry☆19Apr 22, 2014Updated 11 years ago
- This is a python script that can be run on each Splunk Indexer for the purpose of exporting historical bucket data (raw events + metadata…☆12Jan 31, 2024Updated 2 years ago
- ☆20May 30, 2025Updated 9 months ago
- Cypherpunks Hall of Fame☆23Nov 10, 2025Updated 4 months ago
- Manticore Ransomware Emulation - Educational Purpose Only!☆10Aug 2, 2020Updated 5 years ago
- Validate IOC from MISP ; Export results and iocs to SIEM and sensors using syslog and CEF format☆14Sep 13, 2016Updated 9 years ago
- Various tools and scripts☆43Nov 30, 2022Updated 3 years ago