jymcheong / SysmonResourcesLinks
Consolidation of various resources related to Microsoft Sysmon & sample data/log
☆112Updated 3 years ago
Alternatives and similar repositories for SysmonResources
Users that are interested in SysmonResources are comparing it to the libraries listed below
Sorting:
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 7 months ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆296Updated 10 months ago
- Misc Threat Hunting Resources☆373Updated 2 years ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆309Updated 3 years ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆208Updated 5 years ago
- This is a repository for freq.py and freq_server.py☆209Updated 5 years ago
- Public Repo for Atomic Test Harness☆275Updated 3 months ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆162Updated 8 months ago
- Atomic Purple Team Framework and Lifecycle☆299Updated 4 years ago
- Tools for simulating threats☆191Updated last year
- Zeek Log Cheatsheets☆295Updated last week
- Scripts to facilitate filtering with Plaso☆126Updated 5 years ago
- A list of my personal projects☆178Updated 2 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year
- Splunk Boss of the SOC version 2 dataset.☆387Updated 2 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆153Updated 4 months ago
- Build a attack range in your local machine☆131Updated 2 years ago
- DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆38Updated 6 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆568Updated 3 years ago
- Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…☆232Updated 7 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆327Updated 2 months ago
- Indexes for SANS Courses and GIAC Certifications☆254Updated last year
- Get all my software☆166Updated 2 months ago
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆527Updated 2 years ago
- ☆304Updated 4 years ago
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- OSSEM Detection Model☆176Updated 2 years ago
- A python script developed to process Windows memory images based on triage type.☆263Updated last year
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆223Updated 4 months ago
- Zerofox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆38Updated 5 years ago