invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆161 · Updated 3 weeks ago
Alternatives and similar repositories for ALFA:
Users that are interested in ALFA are comparing it to the libraries listed below.
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆70 · Updated 10 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆198 · Updated 6 months ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆110 · Updated 4 months ago
- Anvilogic Forge ☆95 · Updated this week
- A preconfigured Velociraptor triage collector ☆46 · Updated last week
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆53 · Updated last year
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆147 · Updated last year
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆274 · Updated last year
- A repository of my own Sigma detection rules. ☆157 · Updated 6 months ago
- A repository to share publicly available Velociraptor detection content ☆139 · Updated this week
- A tool that allows you to document and assess any security automation in your SOC ☆46 · Updated 5 months ago
- SentinelOne STAR Rules ☆58 · Updated last month
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆118 · Updated last year
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ☆164 · Updated 5 months ago
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆110 · Updated 2 months ago
- An open-source Sigma conversion tool built using pySigma ☆121 · Updated 3 months ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆176 · Updated 6 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆207 · Updated this week
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · Updated 10 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆37 · Updated last week
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆187 · Updated 6 months ago
- Notes on responding to security breaches relating to Azure AD ☆109 · Updated 3 years ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆91 · Updated last year
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge). ☆102 · Updated 6 months ago
- Repository of SentinelOne Deep Visibility queries. ☆125 · Updated 3 years ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆51 · Updated 2 years ago
- Conference presentations ☆47 · Updated last year
- Repository of attack and defensive information for Business Email Compromise investigations ☆249 · Updated 2 months ago