jymcheong / SysmonResourcesLinks
Consolidation of various resources related to Microsoft Sysmon & sample data/log
☆114Updated 3 years ago
Alternatives and similar repositories for SysmonResources
Users that are interested in SysmonResources are comparing it to the libraries listed below
Sorting:
- Misc Threat Hunting Resources☆374Updated 2 years ago
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 8 months ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆209Updated 5 years ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆298Updated 11 months ago
- A list of my personal projects☆177Updated 3 years ago
- Tools for simulating threats☆192Updated last year
- This is a repository for freq.py and freq_server.py☆209Updated 5 years ago
- Atomic Purple Team Framework and Lifecycle☆299Updated 4 years ago
- Build a attack range in your local machine☆131Updated 2 years ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆162Updated 9 months ago
- Public Repo for Atomic Test Harness☆276Updated 4 months ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year
- Zeek Log Cheatsheets☆297Updated 2 weeks ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆570Updated 3 years ago
- These are open source rules that can be utilized with QRadar to detect various types of threats in the environment.☆55Updated 6 years ago
- Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…☆235Updated 7 months ago
- Scripts to facilitate filtering with Plaso☆126Updated 5 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆154Updated 5 months ago
- DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆38Updated 6 years ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆309Updated 3 years ago
- MAL-CL (Malicious Command-Line)☆316Updated 2 years ago
- Rules generated from our investigations.☆197Updated 2 months ago
- CyLR - Live Response Collection Tool☆685Updated 3 years ago
- ☆64Updated 2 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆227Updated 4 months ago
- Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020☆324Updated 4 years ago
- Get all my software☆168Updated 2 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆627Updated last year
- Zerofox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆38Updated 5 years ago
- Repository of SentinelOne Deep Visibility queries.☆130Updated 4 years ago