invictus-ir / ALFA
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework
☆162, updated last month
Alternatives and similar repositories for ALFA:
Users that are interested in ALFA are comparing it to the libraries listed below
- (no description) ☆93, updated 2 years ago
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆111, updated 5 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆72, updated 11 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆198, updated 7 months ago
- Anvilogic Forge ☆103, updated this week
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆147, updated last year
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ☆164, updated 6 months ago
- A preconfigured Velociraptor triage collector ☆51, updated last week
- A tool that allows you to document and assess any security automation in your SOC ☆46, updated 5 months ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ☆67, updated last year
- A repository of my own Sigma detection rules. ☆158, updated 7 months ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆177, updated 7 months ago
- (no description) ☆65, updated 11 months ago
- An open-source Sigma conversion tool built using pySigma ☆124, updated 4 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆37, updated last month
- This is a collection of threat detection rules / rules engines that I have come across. ☆285, updated 11 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆210, updated 3 weeks ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements ☆118, updated last year
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆53, updated last year
- (no description) ☆87, updated 2 months ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The… ☆276, updated last year
- Pocket guide for core detection engineering concepts ☆28, updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆88, updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆111, updated 2 weeks ago
- (no description) ☆6, updated 5 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77, updated 11 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆92, updated last year
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge). ☆108, updated 7 months ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of… ☆188, updated 6 months ago
- A repository to share publicly available Velociraptor detection content ☆156, updated last week