invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆162 · Updated 3 months ago
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the libraries listed below
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆74 · Updated last year
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆201 · Updated 8 months ago
- ☆95 · Updated 2 years ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆112 · Updated 6 months ago
- A tool that allows you to document and assess any security automation in your SOC ☆46 · Updated 7 months ago
- A preconfigured Velociraptor triage collector ☆52 · Updated last week
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆41 · Updated 3 weeks ago
- Anvilogic Forge ☆103 · Updated this week
- An open-source Sigma conversion tool built using pySigma ☆129 · Updated 5 months ago
- A repository of my own Sigma detection rules. ☆160 · Updated 8 months ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines. ☆42 · Updated 2 years ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆183 · Updated 8 months ago
- A repository to share publicly available Velociraptor detection content ☆170 · Updated this week
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆113 · Updated last month
- This is a collection of threat detection rules / rules engines that I have come across. ☆290 · Updated last year
- ☆120 · Updated last week
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆122 · Updated last year
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The… ☆278 · Updated last year
- Notes on responding to security breaches relating to Azure AD ☆111 · Updated 3 years ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of… ☆191 · Updated 8 months ago
- ☆92 · Updated 2 weeks ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆53 · Updated 2 years ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆147 · Updated last year
- Memory Forensic System on Cloud ☆90 · Updated last year
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆216 · Updated 2 months ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆88 · Updated last year
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. ☆133 · Updated 2 years ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon ☆201 · Updated 5 years ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆97 · Updated last year