invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. The tool acquires all Google Workspace audit logs and performs automated forensic analysis on those logs using statistics and the MITRE ATT&CK Cloud Framework.
(☆162, updated 2 months ago)
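The description above is all this page says about how ALFA works: collect the Workspace audit logs, then apply statistics and an ATT&CK mapping. The Python below is an added example of those two analysis ideas over Google Workspace Reports API activity records (the `id.time` / `actor.email` / `ipAddress` / `events[].name` shape returned by `activities.list`). It is not ALFA's code and does not describe ALFA's internals; the event-name-to-technique table, the thresholds and the sample records are this example's own assumptions, and the records are constructed, not captured from a real tenant.

```python
"""Stats + ATT&CK tagging over Google Workspace audit-log records.

Added example, not ALFA's code. Input follows the Admin SDK Reports API
activity shape (id.time, id.applicationName, actor.email, ipAddress,
events[].name). The ATTACK_MAP table and the thresholds are assumptions
made for this example, not an official mapping.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed mapping (example's own): Workspace event name -> ATT&CK technique.
ATTACK_MAP = {
    "login_failure": ("T1110", "Brute Force"),
    "login_success": ("T1078", "Valid Accounts"),
    "suspicious_login": ("T1078", "Valid Accounts"),
    "GRANT_ADMIN_PRIVILEGE": ("T1098", "Account Manipulation"),
    "CREATE_USER": ("T1136", "Create Account"),
    "email_forwarding_out_of_domain": ("T1114.003", "Email Forwarding Rule"),
}
FAILURE_THRESHOLD = 5              # login_failure events per actor inside FAILURE_WINDOW
FAILURE_WINDOW = timedelta(minutes=10)
RARE_EVENT_MAX_SHARE = 0.10        # event names at or below this share of all events are "rare"


def parse_records(raw_json):
    """Flatten activity records into sorted (time, actor, ip, app, event_name) tuples."""
    flat = []
    for rec in json.loads(raw_json):
        ts = datetime.fromisoformat(rec["id"]["time"].replace("Z", "+00:00"))
        actor = rec.get("actor", {}).get("email", "<unknown>")
        ip = rec.get("ipAddress", "")
        app = rec["id"].get("applicationName", "")
        for ev in rec.get("events", []):
            flat.append((ts, actor, ip, app, ev["name"]))
    return sorted(flat)


def event_statistics(flat):
    """Frequency of every event name, plus the set that is rare across the whole data set."""
    counts = Counter(e[4] for e in flat)
    total = sum(counts.values())
    rare = {name for name, n in counts.items() if n / total <= RARE_EVENT_MAX_SHARE}
    return counts, rare


def brute_force_candidates(flat):
    """Actors with >= FAILURE_THRESHOLD login_failure events inside a sliding FAILURE_WINDOW."""
    failures = defaultdict(list)
    for ts, actor, _ip, _app, name in flat:
        if name == "login_failure":
            failures[actor].append(ts)          # flat is time-sorted, so each list is too
    hits = {}
    for actor, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > FAILURE_WINDOW:
                start += 1                      # slide the window forward
            if end - start + 1 >= FAILURE_THRESHOLD:
                hits[actor] = end - start + 1   # largest qualifying burst wins
    return hits


def new_ip_logins(flat):
    """login_success from an IP the actor has not used earlier in the data set."""
    seen = defaultdict(set)
    findings = []
    for ts, actor, ip, _app, name in flat:
        if name == "login_success" and seen[actor] and ip not in seen[actor]:
            findings.append((actor, ip, ts.isoformat()))
        if ip:
            seen[actor].add(ip)                 # every event, not only logins, extends the baseline
    return findings


def analyze(raw_json):
    """Run the statistics and tag every mapped event with its assumed ATT&CK technique."""
    flat = parse_records(raw_json)
    counts, rare = event_statistics(flat)
    tagged = [
        {"time": ts.isoformat(), "actor": actor, "ip": ip, "app": app, "event": name,
         "technique": ATTACK_MAP[name][0], "rare": name in rare}
        for ts, actor, ip, app, name in flat if name in ATTACK_MAP
    ]
    return {"event_counts": dict(counts), "rare_events": sorted(rare),
            "brute_force": brute_force_candidates(flat),
            "new_ip_logins": new_ip_logins(flat), "tagged": tagged}


def _rec(time, app, actor, ip, name):
    """Build one constructed activity record in the Reports API shape (sample data, not real)."""
    return {"kind": "admin#reports#activity", "id": {"time": time, "applicationName": app},
            "actor": {"callerType": "USER", "email": actor}, "ipAddress": ip,
            "events": [{"type": app, "name": name}]}


# Constructed sample: a failed-login burst by bob, alice logging in from a new IP and then
# granting admin rights. IPs are from the RFC 5737 documentation ranges.
SAMPLE = json.dumps([
    _rec("2024-03-01T09:00:00Z", "login", "alice@example.com", "203.0.113.10", "login_success"),
    *[_rec(f"2024-03-01T09:0{i}:00Z", "login", "bob@example.com", "198.51.100.7", "login_failure")
      for i in range(1, 7)],
    _rec("2024-03-01T09:07:00Z", "login", "bob@example.com", "198.51.100.7", "login_success"),
    _rec("2024-03-01T09:15:00Z", "login", "carol@example.com", "203.0.113.77", "login_success"),
    _rec("2024-03-01T10:30:00Z", "login", "alice@example.com", "192.0.2.44", "login_success"),
    _rec("2024-03-01T10:35:00Z", "admin", "alice@example.com", "192.0.2.44", "GRANT_ADMIN_PRIVILEGE"),
    _rec("2024-03-01T11:00:00Z", "login", "carol@example.com", "203.0.113.77", "login_success"),
])

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE), indent=2))
```

On the constructed sample this flags bob's six failures in ten minutes as a brute-force burst, alice's login from 192.0.2.44 as a first-seen IP for that actor, and `GRANT_ADMIN_PRIVILEGE` as a rare event tagged T1098. The baseline here is only the data set itself; in a real investigation the "first seen" comparison should run against a longer history than the incident window, or every ordinary login in the first hour of data shows up as new.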
Alternatives and similar repositories for ALFA
Users interested in ALFA are comparing it to the repositories listed below.
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆200, updated 8 months ago)
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. (☆73, updated last year)
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. (☆111, updated 5 months ago)
- Anvilogic Forge (☆103, updated this week)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆38, updated last month)
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. (☆113, updated this week)
- A preconfigured Velociraptor triage collector (☆51, updated last week)
- A tool that allows you to document and assess any security automation in your SOC (☆46, updated 6 months ago)
- Dettectinator - The Python library to your DeTT&CT YAML files. (☆111, updated last month)
- Memory Forensic System on Cloud (☆90, updated last year)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆109, updated last year)
- A repository of my own Sigma detection rules. (☆158, updated 8 months ago)
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… (☆147, updated last year)
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements (☆122, updated last year)
- An open-source Sigma conversion tool built using pySigma (☆125, updated 4 months ago)
- A repository to share publicly available Velociraptor detection content (☆163, updated this week)
- Synthetic Adversarial Log Objects: A framework for synthetic log generation (☆81, updated last year)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆77, updated 11 months ago)
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. (☆212, updated last month)
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… (☆53, updated 2 years ago)
- Notes on responding to security breaches relating to Azure AD (☆111, updated 3 years ago)
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… (☆94, updated last year)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆88, updated last year)
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. (☆27, updated last year)
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique (☆67, updated last year)
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … (☆190, updated 7 months ago)