invictus-ir / o365_dataset
A dataset containing Office 365 Unified Audit Logs for security research and detection
☆60 · Jun 7, 2022 · Updated 3 years ago
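Unified Audit Log (UAL) records are the raw material for the detection research this dataset supports, so here is a worked example of consuming them. It is an added illustration, not code from the o365_dataset repository or from Invictus IR. It assumes the common export layout of `Search-UnifiedAuditLog` (a CSV with `CreationDate`, `UserIds`, `Operations` and an `AuditData` column holding a JSON document) and that Exchange cmdlet audit records carry their arguments as a `Parameters` array of `{Name, Value}` pairs; the sample rows, the tenant domain `contoso.example` and the folder-path format are constructed for the example. The detection it runs, inbox rules that forward externally, delete or hide mail, or carry a throwaway name, is a classic Business Email Compromise indicator.

```python
"""Parse Office 365 Unified Audit Log (UAL) export rows and flag inbox-rule
activity typical of Business Email Compromise. Added example, not project code."""
import csv
import io
import json

INTERNAL_DOMAIN = "contoso.example"  # assumed tenant domain for the constructed sample

# Folders attackers move mail into so the victim does not notice it.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email",
                  "deleted items", "conversation history"}
# Inbox-rule parameters that send a copy of mail somewhere else (tuple: stable order).
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}


def build_sample_export() -> str:
    """Constructed CSV in the shape of a Search-UnifiedAuditLog export (synthetic data)."""
    rows = [
        ("2022-05-01T08:12:33", "alice@contoso.example", "New-InboxRule", {
            "CreationTime": "2022-05-01T08:12:33", "Operation": "New-InboxRule",
            "Workload": "Exchange", "UserId": "alice@contoso.example",
            "ClientIP": "203.0.113.7", "ResultStatus": "True",
            "Parameters": [{"Name": "Name", "Value": "."},
                           {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
                           {"Name": "ForwardTo", "Value": "collector@attacker.example"},
                           {"Name": "DeleteMessage", "Value": "True"}]}),
        ("2022-05-01T09:01:10", "bob@contoso.example", "New-InboxRule", {
            "CreationTime": "2022-05-01T09:01:10", "Operation": "New-InboxRule",
            "Workload": "Exchange", "UserId": "bob@contoso.example",
            "ClientIP": "198.51.100.20", "ResultStatus": "True",
            "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                           {"Name": "FromAddressContainsWords", "Value": "news@"},
                           {"Name": "MoveToFolder", "Value": "bob@contoso.example:\\Reading"}]}),
        ("2022-05-01T09:30:00", "carol@contoso.example", "UserLoggedIn", {
            "CreationTime": "2022-05-01T09:30:00", "Operation": "UserLoggedIn",
            "Workload": "AzureActiveDirectory", "UserId": "carol@contoso.example",
            "ClientIP": "198.51.100.21", "ResultStatus": "Success"}),
        ("2022-05-02T07:45:12", "alice@contoso.example", "Set-InboxRule", {
            "CreationTime": "2022-05-02T07:45:12", "Operation": "Set-InboxRule",
            "Workload": "Exchange", "UserId": "alice@contoso.example",
            "ClientIP": "203.0.113.7", "ResultStatus": "True",
            "Parameters": [{"Name": "Identity", "Value": "Unread"},
                           {"Name": "MoveToFolder", "Value": "alice@contoso.example:\\RSS Feeds"},
                           {"Name": "MarkAsRead", "Value": "True"}]}),
    ]
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["CreationDate", "UserIds", "Operations", "AuditData"])
    for created, user, operation, audit in rows:
        writer.writerow([created, user, operation, json.dumps(audit)])
    return buf.getvalue()


def iter_audit_data(csv_text: str):
    """Yield the decoded AuditData JSON of every row; the CSV columns only summarise it."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        yield json.loads(row["AuditData"])


def cmdlet_params(record: dict) -> dict:
    """Flatten the Exchange cmdlet Parameters array into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def inbox_rule_findings(record: dict) -> list:
    """Return human-readable reasons an inbox-rule record looks like BEC tradecraft."""
    if record.get("Workload") != "Exchange" or record.get("Operation") not in RULE_OPERATIONS:
        return []
    p = cmdlet_params(record)
    reasons = []
    for key in FORWARD_PARAMS:
        if key in p:
            targets = [t.strip().lower() for t in p[key].split(";") if t.strip()]
            if any(not t.endswith("@" + INTERNAL_DOMAIN) for t in targets):
                reasons.append(f"{key} to external address {p[key]}")
    if p.get("DeleteMessage", "").lower() == "true":
        reasons.append("rule deletes matching mail")
    # Folder values are assumed to look like "mailbox:\Folder"; keep only the leaf name.
    folder = p.get("MoveToFolder", "").rsplit("\\", 1)[-1].strip()
    if folder.lower() in HIDING_FOLDERS:
        reasons.append(f"moves mail to {folder}")
    if p.get("MarkAsRead", "").lower() == "true":
        reasons.append("marks mail as read")
    name = p.get("Name", "")
    if "Name" in p and not name.strip(" .-_"):
        reasons.append(f"suspicious rule name {name!r}")
    return reasons


def hunt(csv_text: str) -> list:
    """Run the inbox-rule detection over a UAL export and return the hits in file order."""
    findings = []
    for record in iter_audit_data(csv_text):
        reasons = inbox_rule_findings(record)
        if reasons:
            findings.append({"time": record["CreationTime"], "user": record["UserId"],
                             "ip": record.get("ClientIP"), "operation": record["Operation"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in hunt(build_sample_export()):
        print(hit["time"], hit["user"], hit["ip"], hit["operation"], "; ".join(hit["reasons"]))
```

Rules created from Outlook clients rather than PowerShell show up as `UpdateInboxRules` records with a different property layout, so a real hunt needs a second parser for that operation; the same reasons (external forwarding, deletion, hiding folders, blank names) apply.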
Alternatives and similar repositories for o365_dataset
Users who are interested in o365_dataset are comparing it to the repositories listed below.
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. ☆31 · Jul 12, 2023 · Updated 2 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365. ☆23 · Oct 9, 2024 · Updated last year
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… ☆277 · Feb 2, 2021 · Updated 5 years ago
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. ☆14 · May 22, 2024 · Updated last year
- Repository with supporting materials for Invictus Academy/Training. ☆44 · Jan 3, 2025 · Updated last year
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆198 · Jan 6, 2026 · Updated last month
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆173 · Jan 30, 2026 · Updated 2 weeks ago
- A dataset with CloudTrail events from an attack simulation using Stratus. ☆24 · Jul 12, 2023 · Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response. ☆219 · Oct 26, 2025 · Updated 3 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems. ☆78 · Jan 9, 2024 · Updated 2 years ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆103 · Jan 13, 2026 · Updated last month
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆765 · Jan 15, 2026 · Updated last month
- Kerberos Haters Guide to Zeek Threat Hunting. ☆34 · Oct 14, 2021 · Updated 4 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… ☆42 · Sep 21, 2023 · Updated 2 years ago
- Malicious traffic detection system. ☆11 · Nov 2, 2022 · Updated 3 years ago
- Here are some tools I developed to help analyze malware. ☆11 · Nov 8, 2023 · Updated 2 years ago
- 2021 SANS DFIR Summit: Greppin' Logs. ☆20 · Oct 30, 2025 · Updated 3 months ago
- Snort rules for detecting bad actors. ☆29 · Aug 18, 2024 · Updated last year
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆80 · Jan 6, 2026 · Updated last month
- /ˈhäjˌpäj/ "a confused mixture." ☆13 · Updated this week
- My MSTICpy practice and custom tools repository. ☆11 · Apr 23, 2025 · Updated 9 months ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL). ☆266 · Feb 3, 2022 · Updated 4 years ago
- KQL queries for Incident Response. ☆14 · Oct 31, 2023 · Updated 2 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules. ☆16 · Oct 22, 2025 · Updated 3 months ago
- Network analysis with Wireshark is the topic in this repo! ☆14 · May 6, 2023 · Updated 2 years ago
- Static Decryptor for IcedID Malware. ☆18 · Oct 1, 2022 · Updated 3 years ago
- A web scraper to create MISP events and reports. ☆17 · Jun 30, 2025 · Updated 7 months ago
- SmartResponse plugin development. ☆15 · Sep 25, 2019 · Updated 6 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- Scripts for looking up OUIs or vendor information from MAC addresses. ☆11 · Dec 24, 2023 · Updated 2 years ago
- A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries. ☆33 · Jul 23, 2024 · Updated last year
- Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence… ☆76 · Dec 15, 2025 · Updated 2 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆191 · Oct 29, 2025 · Updated 3 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- Documentation and scripts to properly enable Windows event logs. ☆671 · Oct 3, 2025 · Updated 4 months ago