invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆164 · Updated 5 months ago
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the libraries listed below.
- ☆95 · Updated 2 years ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆76 · Updated last year
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆112 · Updated 8 months ago
- Anvilogic Forge ☆105 · Updated last week
- A tool that allows you to document and assess any security automation in your SOC ☆46 · Updated 9 months ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆147 · Updated last year
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆205 · Updated 10 months ago
- A preconfigured Velociraptor triage collector ☆52 · Updated this week
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆47 · Updated 2 months ago
- ☆138 · Updated last week
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. ☆29 · Updated 2 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆115 · Updated 3 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · Updated last year
- Synthetic Adversarial Log Objects: A Framework for synthetic log generation ☆83 · Updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆57 · Updated 3 years ago
- A repository of my own Sigma detection rules. ☆160 · Updated 10 months ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆187 · Updated 10 months ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆53 · Updated 2 years ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆281 · Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆89 · Updated last year
- ☆65 · Updated last year
- This is a collection of threat detection rules / rules engines that I have come across. ☆293 · Updated last year
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. ☆155 · Updated 5 months ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆66 · Updated last year
- ☆28 · Updated 4 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆122 · Updated last year
- An opensource sigma conversion tool built using pysigma ☆132 · Updated last month
- Resources To Learn And Understand SIGMA Rules ☆180 · Updated 2 years ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆255 · Updated 8 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆100 · Updated last year