invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. The tool acquires all Google Workspace audit logs and performs automated forensic analysis on them, using statistics and the MITRE ATT&CK Cloud framework to highlight suspicious activity.
☆156, updated 2 weeks ago
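The description above names two analysis steps: statistics over the acquired audit logs and mapping of events to MITRE ATT&CK (Cloud). The block below is an added example, written for this page and not ALFA's own code, that shows both steps over a handful of constructed Google Workspace Reports API activity records (the `admin#reports#activity` shape: `id.time`, `id.applicationName`, `actor.email`, `ipAddress`, `events[].name`). The event-to-technique table, the sample log lines, the `min_failures` threshold and all function names are the example's own assumptions; ALFA's real mapping and heuristics may differ.

```python
import json
from collections import Counter, defaultdict


def _activity(time, app, actor, ip, event_type, name, params=None):
    """Build one constructed admin#reports#activity record (test data only)."""
    event = {"type": event_type, "name": name}
    if params:
        event["parameters"] = [{"name": k, "value": v} for k, v in params.items()]
    return json.dumps({"kind": "admin#reports#activity",
                       "id": {"time": time, "applicationName": app},
                       "actor": {"email": actor}, "ipAddress": ip, "events": [event]})


# Constructed sample: three failed logins, a success, then an admin-privilege
# grant from the same source, plus benign activity from a second user.
SAMPLE_ACTIVITY_LINES = [
    _activity("2024-03-01T08:00:00.000Z", "login", "alice@example.com", "203.0.113.5", "login", "login_failure"),
    _activity("2024-03-01T08:00:30.000Z", "login", "alice@example.com", "203.0.113.5", "login", "login_failure"),
    _activity("2024-03-01T08:01:00.000Z", "login", "alice@example.com", "203.0.113.5", "login", "login_failure"),
    _activity("2024-03-01T08:02:00.000Z", "login", "alice@example.com", "203.0.113.5", "login", "login_success"),
    _activity("2024-03-01T08:10:00.000Z", "admin", "alice@example.com", "203.0.113.5", "USER_SETTINGS",
              "GRANT_ADMIN_PRIVILEGE", {"USER_EMAIL": "mallory@example.com"}),
    _activity("2024-03-01T09:00:00.000Z", "login", "bob@example.com", "198.51.100.7", "login", "login_success"),
    _activity("2024-03-01T09:05:00.000Z", "drive", "bob@example.com", "198.51.100.7", "access", "download"),
]

# Assumed mapping (chosen for this example, not ALFA's own) from
# (applicationName, event name) to MITRE ATT&CK technique IDs.
EVENT_TO_ATTACK = {
    ("login", "login_failure"): "T1110",          # Brute Force
    ("login", "login_success"): "T1078.004",      # Valid Accounts: Cloud Accounts
    ("admin", "GRANT_ADMIN_PRIVILEGE"): "T1098",  # Account Manipulation
    ("drive", "download"): "T1530",               # Data from Cloud Storage
}


def flatten_activities(lines):
    """Parse JSON activity records into one flat, ATT&CK-tagged row per event."""
    rows = []
    for line in lines:
        rec = json.loads(line)
        app = rec["id"]["applicationName"]
        for ev in rec.get("events", []):
            rows.append({
                "time": rec["id"]["time"],  # ISO-8601 UTC strings sort chronologically
                "app": app,
                "actor": rec.get("actor", {}).get("email", "<unknown>"),
                "ip": rec.get("ipAddress", "<none>"),
                "event": ev["name"],
                "params": {p["name"]: p.get("value") for p in ev.get("parameters", [])},
                "technique": EVENT_TO_ATTACK.get((app, ev["name"])),
            })
    rows.sort(key=lambda r: r["time"])
    return rows


def event_statistics(rows):
    """Frequency counts that give an analyst a first overview of the log."""
    return {
        "by_actor": Counter(r["actor"] for r in rows),
        "by_ip": Counter(r["ip"] for r in rows),
        "by_app": Counter(r["app"] for r in rows),
        "by_technique": Counter(r["technique"] for r in rows if r["technique"]),
    }


def failed_then_succeeded_logins(rows, min_failures=3):
    """(ip, actor) pairs where at least min_failures login failures precede a success.

    A burst of failures followed by a success from the same source is the
    brute-force-then-access pattern (T1110 followed by T1078.004).
    """
    per_source = defaultdict(list)
    for r in rows:
        if r["app"] == "login":
            per_source[(r["ip"], r["actor"])].append(r["event"])
    hits = []
    for key, events in per_source.items():
        failures = 0
        for ev in events:  # rows are already time-ordered
            if ev == "login_failure":
                failures += 1
            elif ev == "login_success" and failures >= min_failures:
                hits.append(key)
                break
    return hits


def privilege_grants(rows):
    """Admin-privilege grants as (granting admin, target user, source IP)."""
    return [(r["actor"], r["params"].get("USER_EMAIL"), r["ip"])
            for r in rows if r["app"] == "admin" and r["event"] == "GRANT_ADMIN_PRIVILEGE"]


if __name__ == "__main__":
    rows = flatten_activities(SAMPLE_ACTIVITY_LINES)
    stats = event_statistics(rows)
    print("events per technique:", dict(stats["by_technique"]))
    print("failure-then-success sources:", failed_then_succeeded_logins(rows))
    print("admin privilege grants:", privilege_grants(rows))
```

On real data the records would come from the Reports API `activities.list` endpoint (one call per `applicationName`), and the counters are most useful when computed per actor and per day so that a single burst stands out against that account's baseline.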
Alternatives and similar repositories for ALFA:
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. (☆67, updated 9 months ago)
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆194, updated 5 months ago)
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. (☆109, updated 3 months ago)
- Anvilogic Forge (☆94, updated this week)
- An opensource sigma conversion tool built using pysigma (☆117, updated 2 months ago)
- A tool that allows you to document and assess any security automation in your SOC (☆46, updated 4 months ago)
- A repository of my own Sigma detection rules. (☆157, updated 5 months ago)
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements (☆116, updated last year)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆106, updated last year)
- Dettectinator - The Python library to your DeTT&CT YAML files. (☆108, updated last month)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆35, updated last week)
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… (☆144, updated last year)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆76, updated 9 months ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆86, updated last year)
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique (☆65, updated 11 months ago)
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… (☆164, updated 4 months ago)
- Synthetic Adversarial Log Objects: A Framework for synthetic log generation (☆78, updated last year)
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. (☆205, updated this week)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆52, updated 2 years ago)
- Repository of public reference frameworks for the DFIR community. (☆115, updated last year)
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. (☆128, updated 2 years ago)
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… (☆52, updated last year)
- Memory Forensic System on Cloud (☆89, updated last year)
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … (☆185, updated this week)
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) (☆171, updated 5 months ago)
- A repository to share publicly available Velociraptor detection content (☆126, updated this week)
- Repository of attack and defensive information for Business Email Compromise investigations (☆246, updated last month)