jymcheong / SysmonResourcesLinks
Consolidation of various resources related to Microsoft Sysmon & sample data/log
☆117Updated 4 years ago
Alternatives and similar repositories for SysmonResources
Users that are interested in SysmonResources are comparing it to the libraries listed below
Sorting:
- This is a repository for freq.py and freq_server.py☆211Updated 5 years ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆299Updated this week
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year
- Atomic Purple Team Framework and Lifecycle☆298Updated 4 years ago
- Misc Threat Hunting Resources☆374Updated 2 years ago
- Splunk Boss of the SOC version 2 dataset.☆403Updated 2 years ago
- Build a attack range in your local machine☆131Updated 2 years ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆212Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆204Updated 10 months ago
- Tools for simulating threats☆193Updated last year
- A list of my personal projects☆177Updated 3 years ago
- Zeek Log Cheatsheets☆297Updated 2 months ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆307Updated 4 years ago
- Public Repo for Atomic Test Harness☆279Updated 6 months ago
- DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆44Updated 6 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆572Updated 3 years ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆166Updated 11 months ago
- Indexes for SANS Courses and GIAC Certifications☆262Updated last year
- Scripts to facilitate filtering with Plaso☆127Updated 5 years ago
- Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…☆241Updated 9 months ago
- OSSEM Detection Model☆180Updated 3 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆392Updated 9 months ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆238Updated 6 months ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps☆303Updated 3 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆335Updated last week
- ☆306Updated 5 years ago
- These are open source rules that can be utilized with QRadar to detect various types of threats in the environment.☆56Updated 6 years ago
- ☆427Updated last year
- SIEGMA - Transform Sigma rules into SIEM consumables☆156Updated 7 months ago
- Tool Analysis Result Sheet☆355Updated 7 years ago