A Software as a Service (SaaS) log collection framework.
☆182Jan 16, 2026Updated last month
Alternatives and similar repositories for grove
Users that are interested in grove are comparing it to the libraries listed below
Sorting:
- Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.☆389Jan 20, 2026Updated last month
- pocket guide for core detection engineering concepts☆31May 8, 2023Updated 2 years ago
- ☆83Dec 5, 2019Updated 6 years ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆338Feb 13, 2026Updated 2 weeks ago
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS☆1,658Jan 8, 2025Updated last year
- AWS STS token decoder☆46Mar 18, 2025Updated 11 months ago
- HASH (HTTP Agnostic Software Honeypot)☆141Updated this week
- ☆12Apr 22, 2025Updated 10 months ago
- An extensible machine learning model store and model transformation and distribution service☆14Mar 12, 2023Updated 2 years ago
- Audit log wall of shame.☆42Aug 20, 2025Updated 6 months ago
- Slack bot which promotes Defense in Depth/Zero Trust security practices☆24Jan 17, 2023Updated 3 years ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…☆174Feb 22, 2026Updated last week
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆173Updated this week
- ☆190Feb 8, 2026Updated 3 weeks ago
- Centralizing AWS CloudWatch log forwarding via EventBridge and Step Functions☆48Feb 12, 2023Updated 3 years ago
- Automated testing, generation & manipulation of #osquery packs☆74Oct 16, 2024Updated last year
- ☆21Apr 17, 2023Updated 2 years ago
- Enumerate Location Services using CoreLocation API on macOS☆18Dec 2, 2021Updated 4 years ago
- ☆30Jan 13, 2026Updated last month
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- Built-in Panther detection rules and policies☆439Updated this week
- CDK app to setup an isolated AWS network to experiment with ways of exfiltrating data☆18Nov 18, 2021Updated 4 years ago
- Security Alert Decoration☆27Jul 21, 2025Updated 7 months ago
- ☆15Jul 20, 2022Updated 3 years ago
- GCP CSPM using Google Sheets☆38Apr 4, 2025Updated 10 months ago
- Get notified when actions are taken in the AWS Console.☆330Jan 20, 2025Updated last year
- This is a collection of threat detection rules / rules engines that I have come across.☆296May 5, 2024Updated last year
- Crowdsourced list of sensitive IAM Actions☆159Oct 29, 2024Updated last year
- Granular, Actionable Adversary Emulation for the Cloud☆2,267Updated this week
- Collection of example YARA-L rules for use within Google Security Operations☆473Dec 5, 2025Updated 2 months ago
- Dynamically generate and hunt with Lacework LQL queries quickly and efficiently☆27Sep 29, 2023Updated 2 years ago
- ☆40Nov 29, 2024Updated last year
- Command line tool for working with Panther rules and policies☆48Updated this week
- A public collection of detections designed to detect threats associated with the Okta WIC Platform.☆14Jan 5, 2026Updated last month
- ☆169Sep 30, 2025Updated 5 months ago
- A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.☆25Oct 3, 2024Updated last year
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆106Nov 24, 2023Updated 2 years ago
- Lab environment to accompany Boundary Vault Integration Quickstart Learn tutorial.☆22Nov 25, 2024Updated last year
- cloudgrep is grep for cloud storage☆326Feb 26, 2025Updated last year