invictus-ir / Blue-team-app-Office-365-and-Azure
☆72Updated 4 months ago
Alternatives and similar repositories for Blue-team-app-Office-365-and-Azure:
Users that are interested in Blue-team-app-Office-365-and-Azure are comparing it to the libraries listed below
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆50Updated 2 years ago
- ☆41Updated last year
- A PowerShell incident response script for quick triage☆78Updated 2 years ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- Notes on responding to security breaches relating to Azure AD☆100Updated 2 years ago
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Azure function to insert MISP data in to Azure Sentinel☆31Updated 2 years ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…☆39Updated 4 years ago
- Advanced Hunting Queries for Microsoft Security Products☆106Updated 2 years ago
- Hunting Queries for Defender ATP☆80Updated 3 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 10 months ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆83Updated 6 months ago
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…☆25Updated 3 years ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆52Updated last year
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆112Updated last year
- Microsoft Threat Protection Advance Hunting Cheat Sheet☆79Updated 4 years ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features…�☆39Updated 4 years ago
- Full of public notes and Utilities☆97Updated last week
- ☆57Updated last year
- A repository to share publicly available Velociraptor detection content☆126Updated this week
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆84Updated last week
- ☆5Updated 3 months ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting☆62Updated last month
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 5 months ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆90Updated 3 weeks ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆51Updated last year
- ☆26Updated 3 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆55Updated 2 weeks ago
- A WDAC configuration repository with the sole intention of enriching MDE☆28Updated 2 years ago
- MISP to Sentinel integration☆62Updated 2 months ago