invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. The tool acquires all Google Workspace audit logs and performs automated forensic analysis on them, using statistics to surface unusual activity and mapping events to MITRE ATT&CK (its cloud matrix).
☆154, updated last month
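As an added example of the kind of statistical triage plus ATT&CK tagging the description refers to (this is not ALFA's code), the script below takes Google Workspace audit records in the shape returned by the Admin SDK Reports API (`activities.list`: `id.time`, `id.applicationName`, `actor.email`, `ipAddress`, `events[].name`), counts how rare each event name is across the export, flags actor/IP pairs that never appeared during a baseline window, and tags each finding with a technique ID. The sample records are constructed for this example and the event-name-to-technique table is an illustrative assumption, not ALFA's mapping.

```python
"""Statistical triage of Google Workspace audit events, tagged with ATT&CK techniques.

Added example, not code from ALFA. It assumes records in the shape returned by the
Admin SDK Reports API (activities.list): id.time, id.applicationName, actor.email,
ipAddress and events[].name. The sample records are constructed for this example and
the event-name-to-technique table is an illustrative assumption, not ALFA's mapping.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Illustrative assumption: a few admin/login audit event names mapped to ATT&CK IDs.
ATTACK_MAP = {
    "login_success": "T1078.004 Valid Accounts: Cloud Accounts",
    "login_failure": "T1110 Brute Force",
    "CREATE_USER": "T1136.003 Create Account: Cloud Account",
    "GRANT_ADMIN_PRIVILEGE": "T1098 Account Manipulation",
    "CHANGE_PASSWORD": "T1098 Account Manipulation",
}


def _activity(when, app, actor, ip, name):
    """One constructed record in the activities.list shape."""
    return {
        "id": {"time": when.isoformat().replace("+00:00", "Z"), "applicationName": app},
        "actor": {"email": actor},
        "ipAddress": ip,
        "events": [{"name": name}],
    }


def build_sample():
    """Constructed sample: a quiet week of logins, then the admin account used from a
    never-seen IP to create a user and grant it admin rights."""
    t0 = datetime(2024, 3, 1, 8, 0, tzinfo=timezone.utc)
    regular = [("alice@example.com", "203.0.113.10"),
               ("bob@example.com", "203.0.113.11"),
               ("admin@example.com", "203.0.113.12")]
    acts = [_activity(t0 + timedelta(days=d, hours=h), "login", actor, ip, "login_success")
            for d in range(7) for actor, ip in regular for h in range(3)]
    t1 = t0 + timedelta(days=7, hours=2)
    acts.append(_activity(t1, "login", "admin@example.com", "198.51.100.7", "login_success"))
    acts.append(_activity(t1 + timedelta(minutes=3), "admin", "admin@example.com",
                          "198.51.100.7", "CREATE_USER"))
    acts.append(_activity(t1 + timedelta(minutes=5), "admin", "admin@example.com",
                          "198.51.100.7", "GRANT_ADMIN_PRIVILEGE"))
    return acts


def flatten(activities):
    """One row per (activity, event) pair, sorted by time."""
    rows = []
    for a in activities:
        for e in a.get("events", []):
            rows.append({
                "time": datetime.fromisoformat(a["id"]["time"].replace("Z", "+00:00")),
                "app": a["id"].get("applicationName", "unknown"),
                "actor": a.get("actor", {}).get("email", "unknown"),
                "ip": a.get("ipAddress", "unknown"),
                "name": e.get("name", "unknown"),
            })
    rows.sort(key=lambda r: r["time"])
    return rows


def event_frequencies(rows):
    """How often each event name occurs across the whole export."""
    return Counter(r["name"] for r in rows)


def triage(rows, baseline_days=7, rare_fraction=0.05):
    """Flag events whose name is rare for the tenant, or that come from an actor/IP pair
    not seen during the baseline window, and tag each finding with an ATT&CK technique."""
    if not rows:
        return []
    total = len(rows)
    freq = event_frequencies(rows)
    cutoff = rows[0]["time"] + timedelta(days=baseline_days)
    baseline_pairs = {(r["actor"], r["ip"]) for r in rows if r["time"] < cutoff}
    findings = []
    for r in rows:
        reasons = []
        if freq[r["name"]] / total <= rare_fraction:
            reasons.append(f"rare event: {freq[r['name']]} of {total}")
        if r["time"] >= cutoff and (r["actor"], r["ip"]) not in baseline_pairs:
            reasons.append("actor/IP pair not seen in baseline window")
        if reasons:
            findings.append({**r, "reasons": reasons,
                             "technique": ATTACK_MAP.get(r["name"], "unmapped")})
    return findings


if __name__ == "__main__":
    for f in triage(flatten(build_sample())):
        print(f["time"].isoformat(), f["actor"], f["ip"], f["name"],
              f["technique"], "; ".join(f["reasons"]))
```

On the constructed sample this prints three findings: the admin login from the unseen IP, then the `CREATE_USER` and `GRANT_ADMIN_PRIVILEGE` events, which are both rare for the tenant and come from that same new actor/IP pair. Feeding it a real `activities.list` export for the `admin` and `login` applications works the same way; the 5% rarity threshold and 7-day baseline are arbitrary starting points and should be tuned to the tenant's volume, and a rare-event count is a triage hint, not a verdict.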
Alternatives and similar repositories for ALFA (repositories that users interested in ALFA compare it to):
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆65, updated 8 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆188, updated 4 months ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆108, updated 2 months ago
- A tool that allows you to document and assess any security automation in your SOC ☆45, updated 2 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆193, updated 2 weeks ago
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆107, updated 2 weeks ago
- An open-source Sigma conversion tool built using pySigma ☆113, updated last month
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆167, updated 4 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆75, updated 8 months ago
- Anvilogic Forge ☆89, updated last week
- A repository to share publicly available Velociraptor detection content ☆124, updated this week
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆52, updated last year
- This is a collection of threat detection rules / rules engines that I have come across. ☆279, updated 8 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆115, updated last year
- LotL RMM ☆117, updated last week
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆143, updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆177, updated this week
- A repository of my own Sigma detection rules. ☆157, updated 4 months ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆85, updated last year
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆266, updated 11 months ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques ☆131, updated 11 months ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines. ☆41, updated 2 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆35, updated last month
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆60, updated 9 months ago
- Synthetic Adversarial Log Objects: A Framework for synthetic log generation ☆77, updated last year