invictus-ir / Sigma-AWS
This repository contains the research and components from our work on using Sigma for AWS incident response.
☆29, updated last year
Alternatives and similar repositories for Sigma-AWS
Users that are interested in Sigma-AWS are comparing it to the libraries listed below
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l… (☆21, updated 9 months ago)
- ☆18, updated 3 years ago
- Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more (☆11, updated last week)
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. (☆29, updated last year)
- ☆40, updated this week
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. (☆23, updated this week)
- ☆27, updated 2 years ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. (☆74, updated last year)
- Sharing Threat Hunting runbooks (☆25, updated 5 years ago)
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt… (☆16, updated 11 months ago)
- Workflows for Shuffle (☆23, updated 2 years ago)
- AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, … (☆45, updated 4 years ago)
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 (☆20, updated 7 months ago)
- ☆19, updated 3 years ago
- ☆33, updated 7 years ago
- pocket guide for core detection engineering concepts (☆28, updated 2 years ago)
- ☆29, updated 6 months ago
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files. (☆35, updated 2 years ago)
- Incident Response Report Using GitHub-Sphinx (☆20, updated 5 years ago)
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. (☆39, updated last year)
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me… (☆14, updated this week)
- A preconfigured Velociraptor triage collector (☆52, updated last week)
- ☆47, updated last month
- Anvilogic Forge (☆104, updated last week)
- A PoC to Simulate Ransomware Attack on AWS Environment (☆31, updated 7 months ago)
- Attack Range to test detection against native serverless cloud services and environments (☆35, updated 3 years ago)
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" (☆11, updated 3 months ago)
- Generates runbooks for GuardDuty findings (☆35, updated 11 months ago)
- Jupyter notebooks (☆25, updated 4 years ago)
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… (☆20, updated last year)