invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. The tool acquires all Google Workspace audit logs and then performs automated forensic analysis on them, using statistics and a mapping of log events to the MITRE ATT&CK Cloud matrix.
☆168 · Updated last week
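As an added example (written for this page, not ALFA's own code), the two kinds of analysis the description mentions: mapping Google Workspace audit events to ATT&CK technique IDs with per-actor counts, and walking each actor's events in time order to flag a brute force followed by a successful login and a forwarding-rule change after it. Records are assumed to follow the Reports API `activities.list` shape (`id.applicationName`, `id.time`, `actor.email`, `ipAddress`, `events[].name`); the event-to-technique table, the thresholds and the sample records are constructed assumptions, not ALFA's mapping.

```python
"""Added example (not ALFA's own code): map Google Workspace audit-log events to
MITRE ATT&CK techniques, count them per actor, and flag suspicious sequences.

Records follow the shape of the Google Workspace Reports API activities.list
response (id.applicationName, id.time, actor.email, ipAddress, events[].name).
The sample activities are constructed and the event-to-technique table is an
illustrative assumption, not ALFA's mapping.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Assumed mapping (applicationName, event name) -> ATT&CK technique ID.
ATTACK_MAP = {
    ("login", "login_failure"): "T1110",                        # Brute Force
    ("login", "login_success"): "T1078",                        # Valid Accounts
    ("admin", "CREATE_USER"): "T1136.003",                      # Create Account: Cloud Account
    ("admin", "GRANT_ADMIN_PRIVILEGE"): "T1098",                # Account Manipulation
    ("user_accounts", "email_forwarding_change"): "T1114.003",  # Email Forwarding Rule
}


def _activity(time, app, actor, ip, name):
    """Build one activity record in Reports API shape (constructed test data)."""
    return {
        "id": {"time": time, "applicationName": app},
        "actor": {"email": actor},
        "ipAddress": ip,
        "events": [{"type": app, "name": name, "parameters": []}],
    }


# Constructed sample, deliberately out of time order: sequence analysis must
# sort on id.time rather than trust the export order.
SAMPLE_ACTIVITIES = [
    _activity("2024-05-01T09:07:00.000Z", "user_accounts", "alice@example.com", "203.0.113.5", "email_forwarding_change"),
    _activity("2024-05-01T08:30:00.000Z", "login", "bob@example.com", "198.51.100.7", "login_success"),
    _activity("2024-05-01T09:05:00.000Z", "login", "alice@example.com", "203.0.113.5", "login_success"),
    _activity("2024-05-01T09:01:00.000Z", "login", "alice@example.com", "203.0.113.5", "login_failure"),
    _activity("2024-05-01T09:02:00.000Z", "login", "alice@example.com", "203.0.113.5", "login_failure"),
    _activity("2024-05-01T09:03:00.000Z", "login", "alice@example.com", "203.0.113.5", "login_failure"),
    _activity("2024-05-01T10:00:00.000Z", "admin", "carol@example.com", "198.51.100.9", "CREATE_USER"),
]


def _parse_time(ts):
    """Reports API timestamps are RFC 3339 with millisecond precision and a Z suffix."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")


def _mapped_events(activities):
    """Yield (time, actor, ip, technique) for each event with a known ATT&CK mapping."""
    for act in activities:
        app = act["id"]["applicationName"]
        for ev in act["events"]:
            tech = ATTACK_MAP.get((app, ev["name"]))
            if tech is not None:
                yield _parse_time(act["id"]["time"]), act["actor"]["email"], act.get("ipAddress"), tech


def technique_counts(activities):
    """Per-actor frequency of each ATT&CK technique: the basic statistic for triage."""
    per_actor = defaultdict(Counter)
    for _, actor, _, tech in _mapped_events(activities):
        per_actor[actor][tech] += 1
    return per_actor


def find_sequences(activities, fail_threshold=3):
    """Walk each actor's events in time order and flag two chains:
    fail_threshold or more consecutive failures followed by a success
    (T1110 -> T1078), and a forwarding-rule change after that success (T1114.003)."""
    by_actor = defaultdict(list)
    for _, actor, ip, tech in sorted(_mapped_events(activities), key=lambda e: e[0]):
        by_actor[actor].append((tech, ip))

    findings = []
    for actor, seq in by_actor.items():
        failures, compromised = 0, False
        for tech, ip in seq:
            if tech == "T1110":
                failures += 1
            elif tech == "T1078":
                if failures >= fail_threshold and not compromised:
                    findings.append({"actor": actor, "ip": ip, "technique": "T1110->T1078",
                                     "detail": f"{failures} failed logins then success"})
                    compromised = True
                failures = 0  # a success ends the failure run
            elif tech == "T1114.003" and compromised:
                findings.append({"actor": actor, "ip": ip, "technique": "T1114.003",
                                 "detail": "forwarding rule changed after suspicious login"})
    return findings


if __name__ == "__main__":
    for actor, counts in technique_counts(SAMPLE_ACTIVITIES).items():
        print(actor, dict(counts))
    for finding in find_sequences(SAMPLE_ACTIVITIES):
        print(finding)
```

On the constructed sample, the counts show alice@example.com with three T1110 events, one T1078 and one T1114.003, and the sequence pass reports the brute force followed by the forwarding-rule change; raising `fail_threshold` above three suppresses both findings, since the forwarding check only fires after a flagged login. Against real exports, the same functions apply once the JSON from `activities.list` is loaded into a list.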
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the libraries listed below
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆79 · Updated 2 weeks ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆114 · Updated last year
- A tool that allows you to document and assess any security automation in your SOC ☆48 · Updated last year
- Anvilogic Forge ☆114 · Updated 4 months ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆151 · Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆217 · Updated 2 months ago
- A public collection of detections designed to detect threats associated with the Okta WIC Platform. ☆12 · Updated 2 weeks ago
- A repository of my own Sigma detection rules. ☆163 · Updated last month
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆119 · Updated 9 months ago
- A preconfigured Velociraptor triage collector ☆73 · Updated 2 weeks ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆286 · Updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆59 · Updated 3 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆249 · Updated 9 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · Updated last year
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆223 · Updated last year
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆54 · Updated 2 years ago
- This is a collection of threat detection rules / rules engines that I have come across. ☆296 · Updated last year
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. ☆29 · Updated 2 years ago
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … ☆132 · Updated last year
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ☆70 · Updated last year
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆125 · Updated 2 years ago
- Synthetic Adversarial Log Objects: A Framework for synthetic log generation ☆85 · Updated 2 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆52 · Updated last week
- Notes on responding to security breaches relating to Azure AD ☆120 · Updated 3 years ago
- The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders… ☆147 · Updated 6 months ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆253 · Updated last year
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆197 · Updated 2 weeks ago