invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆145, updated last week
Related projects
Alternatives and complementary repositories for ALFA
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆97, updated 8 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response. ☆179, updated 2 months ago
- ☆87, updated 2 years ago
- A tool that allows you to document and assess any security automation in your SOC. ☆41, updated 3 weeks ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆62, updated 6 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆182, updated this week
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆104, updated 2 weeks ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.). ☆155, updated 2 months ago
- ☆114, updated last year
- Repository of public reference frameworks for the DFIR community. ☆109, updated last year
- Anvilogic Forge. ☆86, updated last week
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines. ☆41, updated last year
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements. ☆116, updated 11 months ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection. ☆48, updated 2 years ago
- ☆1, updated 3 weeks ago
- ☆80, updated 2 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation. ☆75, updated 6 months ago
- Cybersecurity Incident Response Plan. ☆87, updated 4 years ago
- A repository of my own Sigma detection rules. ☆156, updated 2 months ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques. ☆123, updated 8 months ago
- Memory Forensic System on Cloud. ☆87, updated 11 months ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆51, updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆49, updated 2 years ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆94, updated last year
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon. ☆193, updated 4 years ago
- ☆66, updated 6 months ago
- Resources for SANS CTI Summit 2021 presentation. ☆102, updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆139, updated this week
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique. ☆65, updated 8 months ago
- ☆41, updated 2 years ago