This program exports the MITRE ATT&CK framework into an ELK (Elasticsearch/Kibana) dashboard
☆80 · Dec 8, 2022 · Updated 3 years ago
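What "exporting ATT&CK into ELK" amounts to in practice is flattening the STIX objects MITRE publishes into one document per technique and loading them through the Elasticsearch `_bulk` API. The following is an added example written for this page, not attack-to-elk's own code: it parses a hand-constructed STIX 2.0 bundle (a real one comes from the attackcti/TAXII source listed below or the enterprise-attack.json file on GitHub), skips revoked or deprecated techniques so they do not pollute the dashboard, and emits NDJSON bulk lines. The index name `attack` and the document field layout are assumptions chosen for illustration.

```python
"""Flatten a (constructed) ATT&CK STIX 2.0 bundle into Elasticsearch bulk NDJSON.

Added example, not the attack-to-elk project's own code. The index name
"attack" and the document layout are assumptions; the bundle below is a
hand-constructed sample in the shape MITRE publishes.
"""
import json

# Constructed sample bundle: attack-pattern objects carry the technique ID in an
# external_references entry with source_name "mitre-attack", and the tactic in
# kill_chain_phases. Relationship objects and revoked techniques are present
# because real bundles contain them and an importer must cope with them.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a1",
            "name": "Command and Scripting Interpreter",
            "description": "Adversaries may abuse command and script interpreters.",
            "x_mitre_platforms": ["Windows", "Linux", "macOS"],
            "x_mitre_data_sources": ["Process: Process Creation", "Command: Command Execution"],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1059",
                 "url": "https://attack.mitre.org/techniques/T1059"}
            ],
        },
        {
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a2",
            "name": "PowerShell",
            "x_mitre_is_subtechnique": True,
            "x_mitre_platforms": ["Windows"],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1059.001",
                 "url": "https://attack.mitre.org/techniques/T1059/001"}
            ],
        },
        {
            # Revoked objects stay in the bundle; a dashboard should not count them.
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-0000000000a3",
            "name": "Old Technique",
            "revoked": True,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
            "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}],
        },
        {
            "type": "relationship",
            "id": "relationship--00000000-0000-4000-8000-0000000000b1",
            "relationship_type": "uses",
            "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000c1",
            "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000a1",
        },
    ],
}


def technique_id(obj):
    """Return the ATT&CK ID (e.g. T1059.001) from the mitre-attack reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
            return ref["external_id"]
    return None


def flatten_techniques(bundle):
    """Yield one flat dict per live attack-pattern, ready to index as a document."""
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = technique_id(obj)
        if tid is None:
            continue
        refs = obj.get("external_references", [])
        yield {
            "technique_id": tid,
            "parent_technique_id": tid.split(".")[0],
            "is_subtechnique": bool(obj.get("x_mitre_is_subtechnique", False)),
            "name": obj["name"],
            "description": obj.get("description", ""),
            "tactics": [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                        if p.get("kill_chain_name") == "mitre-attack"],
            "platforms": obj.get("x_mitre_platforms", []),
            "data_sources": obj.get("x_mitre_data_sources", []),
            "url": next((r["url"] for r in refs
                         if r.get("source_name") == "mitre-attack" and "url" in r), None),
            "stix_id": obj["id"],
        }


def to_bulk_ndjson(docs, index="attack"):
    """Serialise docs as an Elasticsearch _bulk body: action line + source line per doc."""
    lines = []
    for doc in docs:
        # Using the technique ID as _id makes re-runs idempotent: a fresh ATT&CK
        # release overwrites the old document instead of duplicating it.
        lines.append(json.dumps({"index": {"_index": index, "_id": doc["technique_id"]}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_bulk_ndjson(flatten_techniques(SAMPLE_BUNDLE)), end="")
```

Write the output to a file and load it with `curl -H 'Content-Type: application/x-ndjson' -XPOST http://localhost:9200/_bulk --data-binary @attack.ndjson`; the `tactics` and `platforms` arrays are what a Kibana terms aggregation then groups on to draw the matrix.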
Alternatives and similar repositories for attack-to-elk
Users that are interested in attack-to-elk are comparing it to the libraries listed below
- OSSEM Modular ☆27 · Jun 29, 2020 · Updated 5 years ago
- Python library to normalize Yara signatures ☆19 · Oct 9, 2020 · Updated 5 years ago
- Kibana app for RedELK ☆18 · Mar 19, 2023 · Updated 3 years ago
- Table Top Exercise (TTX) for Computer Security Incident Response (CSIRT) teams. The templatized artifacts provided will hopefully help te… ☆44 · Sep 8, 2020 · Updated 5 years ago
- This is a repository from Adam Swan's and my presentation on Windows Logs Zero 2 Hero. ☆22 · Jan 30, 2018 · Updated 8 years ago
- Code and slides of my BSides London 2019 presentation about attacker emulation using CALDERA ☆22 · Jun 9, 2019 · Updated 6 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields ☆33 · Updated this week
- Python script to access ATT&CK content available in STIX via a public TAXII server ☆568 · Dec 19, 2025 · Updated 3 months ago
- Web UI for testing Elastic Beats processors ☆18 · Feb 22, 2026 · Updated 3 weeks ago
- A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework ☆356 · Nov 3, 2020 · Updated 5 years ago
- ☆29 · Feb 16, 2021 · Updated 5 years ago
- A Splunk app containing Sigma detection rules, which can be updated from a Git repository. ☆111 · Feb 6, 2020 · Updated 6 years ago
- Open-source framework to detect outliers in Elasticsearch events ☆205 · May 22, 2023 · Updated 2 years ago
- Script for automating Linux memory capture and analysis ☆13 · May 6, 2020 · Updated 5 years ago
- This batch script checks your EDR system's detection and response capabilities in a noisier way. ☆12 · Jul 3, 2020 · Updated 5 years ago
- A curated list of tools, papers and techniques for Windows exploitation and incident response. ☆41 · Apr 10, 2016 · Updated 9 years ago
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t… ☆122 · May 28, 2025 · Updated 9 months ago
- CSIRT Jump Bag ☆27 · Apr 25, 2024 · Updated last year
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK ☆1,080 · Nov 28, 2024 · Updated last year
- Test Blue Team detections without running any attack. ☆272 · May 2, 2024 · Updated last year
- Searches open file shares for password files, database backups, etc. Extend as you see fit. ☆29 · Dec 13, 2019 · Updated 6 years ago
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts ☆1,174 · Jul 26, 2023 · Updated 2 years ago
- MAL-CL (Malicious Command-Line) ☆322 · Jan 10, 2023 · Updated 3 years ago
- Parser for Windows Scheduled Task files. ☆13 · Apr 26, 2023 · Updated 2 years ago
- MineMeld nodes for MISP ☆19 · Jan 23, 2024 · Updated 2 years ago
- ☆134 · Mar 21, 2024 · Updated last year
- Threat Feed Aggregation, Made Easy ☆169 · Jul 13, 2020 · Updated 5 years ago
- Collection of malware IOC hashes from blog posts. A Python script is provided to search through it. ☆19 · Sep 10, 2020 · Updated 5 years ago
- Powerful XML<->JSON JavaScript mapping library. ☆15 · Nov 17, 2025 · Updated 4 months ago
- ☆14 · Mar 5, 2021 · Updated 5 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK Evals datasets ☆143 · Oct 12, 2020 · Updated 5 years ago
- A library for fast parsing and import of Windows event logs into Elasticsearch. ☆86 · Jun 23, 2025 · Updated 8 months ago
- Tool for analysis of Windows Prefetch files ☆26 · Nov 11, 2018 · Updated 7 years ago
- ☆24 · Nov 3, 2019 · Updated 6 years ago
- Detect Tactics, Techniques & Combat Threats ☆2,268 · Jan 21, 2026 · Updated last month
- ☆24 · Sep 28, 2022 · Updated 3 years ago
- Applied Purple Teaming (ITOCI4hr): Infrastructure, Threat Optics, and Continuous Improvement, June 6, 2020 ☆323 · Jan 22, 2021 · Updated 5 years ago
- Standalone CIRCLean/KittenGroomer code to sanitize emails. ☆11 · Aug 9, 2018 · Updated 7 years ago
- Scripts to set up a threat optics stack quickly (abbreviated and automated). Run after APT-Lab-Terraform. ☆13 · Oct 24, 2020 · Updated 5 years ago