Alternatives and similar repositories for attack-to-elk

Users that are interested in attack-to-elk are comparing it to the libraries listed below

• corelight / ecs-mapping

  View on GitHub
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Nov 3, 2025Updated 3 months ago
• secgroundzero / ossem_modular

  View on GitHub
  OSSEM Modular
  ☆27Jun 29, 2020Updated 5 years ago
• fastlorenzo / redelk-kibana-app

  View on GitHub
  Kibana app for RedELK
  ☆18Mar 19, 2023Updated 2 years ago
• chrislee35 / yaratool

  View on GitHub
  Python libary to normalize Yara signatures
  ☆19Oct 9, 2020Updated 5 years ago
• blacklanternsecurity / enter_the_matrix

  View on GitHub
  ETM enables the creation of detailed attack graphs and figures while calculating the risk associated with your attack narratives. ETM was…
  ☆26Mar 3, 2023Updated 2 years ago
• olafhartong / ATTACKdatamap

  View on GitHub
  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  ☆355Nov 3, 2020Updated 5 years ago
• threatsimgpt-AI / ThreatSimGPT

  View on GitHub
  ☆536Feb 3, 2026Updated last week
• n0dec / MalwLess

  View on GitHub
  Test Blue Team detections without running any attack.
  ☆272May 2, 2024Updated last year
• P4T12ICK / Sigma-Hunting-App

  View on GitHub
  A Splunk App containing Sigma detection rules, which can be updated from a Git repository.
  ☆111Feb 6, 2020Updated 6 years ago
• OTRF / ATTACK-Python-Client

  View on GitHub
  Python Script to access ATT&CK content available in STIX via a public TAXII server
  ☆569Dec 19, 2025Updated last month
• DefensiveOrigins / APT06202001

  View on GitHub
  Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
  ☆323Jan 22, 2021Updated 5 years ago
• analyzeDFIR / analyzePF

  View on GitHub
  Tool for analysis of Windows Prefetch files
  ☆26Nov 11, 2018Updated 7 years ago
• wietze / bsides-ldn-2019

  View on GitHub
  Code and Slides of my BSides London 2019 presentation about Attacker Emulation using CALDERA
  ☆22Jun 9, 2019Updated 6 years ago
• kk0m4k / docker-forensics

  View on GitHub
  ☆24Nov 3, 2019Updated 6 years ago
• jstnk9 / TIBER-Cases

  View on GitHub
  TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases are mapped to …
  ☆27Jul 13, 2022Updated 3 years ago
• jbudacki / TTX-Template

  View on GitHub
  Table Top Exercise (TTX) for Computer Security Incident Response (CSIRT) teams. The templatized artifacts provided will hopefully help te…
  ☆44Sep 8, 2020Updated 5 years ago
• NVISOsecurity / ee-outliers

  View on GitHub
  Open-source framework to detect outliers in Elasticsearch events
  ☆208May 22, 2023Updated 2 years ago
• omriher / Whatype

  View on GitHub
  Independent file type identification python library
  ☆12Mar 16, 2023Updated 2 years ago
• honeydbio / honeydb-python

  View on GitHub
  HoneyDB Python Module
  ☆14Feb 6, 2024Updated 2 years ago
• inzlain / sameuser

  View on GitHub
  Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual
  ☆14Jul 13, 2022Updated 3 years ago
• Yara-Rules / yara-tester-bot

  View on GitHub
  Telegram Bot that performs checks of the yararules.com ruleset
  ☆13May 13, 2016Updated 9 years ago
• alphaSeclab / malware-ioc-hash

  View on GitHub
  Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
  ☆19Sep 10, 2020Updated 5 years ago
• terry-wen / Network-Visualization-Project

  View on GitHub
  Network visualizer tool built using Processing
  ☆24Jun 23, 2021Updated 4 years ago
• jordisk / TheHive2Sigma

  View on GitHub
  Python script to automatically create sigma rules from The hive observables
  ☆25Mar 17, 2019Updated 6 years ago
• securitydistractions / elastimispstash

  View on GitHub
  ☆29Feb 16, 2021Updated 4 years ago
• sfakiana / SANS-CTI-Summit-2021

  View on GitHub
  Resources for SANS CTI Summit 2021 presentation
  ☆104Nov 8, 2023Updated 2 years ago
• OTRF / detection-hackathon-apt29

  View on GitHub
  Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
  ☆145Oct 12, 2020Updated 5 years ago
• elastiflow / elastiflow_for_elasticsearch

  View on GitHub
  A solution for using the ElastiFlow Unified Collector with the Elastic Stack (Elasticsearch and Kibana).
  ☆25Nov 10, 2025Updated 3 months ago
• 3c7 / infrastructure-tracking-schema

  View on GitHub
  ☆24Sep 28, 2022Updated 3 years ago
• chihebchebbi / Sentinel2Attack

  View on GitHub
  ☆14Mar 5, 2021Updated 4 years ago
• jamesbcook / ducky_lsass_dump

  View on GitHub
  ☆12Sep 4, 2013Updated 12 years ago
• spaceraccoon / serverless-recon-example

  View on GitHub
  Example of a serverless web reconaissance workflow's AWS architecture.
  ☆11Feb 25, 2023Updated 2 years ago
• WithSecureLabs / FLAIR

  View on GitHub
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)
  ☆16Jul 5, 2021Updated 4 years ago
• cpuu / lmc

  View on GitHub
  Script for automating Linux memory capture and analysis
  ☆13May 6, 2020Updated 5 years ago
• fashionproof / SearchOpenFileShares

  View on GitHub
  Searches open files shares for password files, database backups, etc. Extend as you see fit
  ☆29Dec 13, 2019Updated 6 years ago
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,076Nov 28, 2024Updated last year
• TheHive-Project / Hippocampe

  View on GitHub
  Threat Feed Aggregation, Made Easy
  ☆169Jul 13, 2020Updated 5 years ago
• cudeso / CSIRT-Jump-Bag

  View on GitHub
  CSIRT Jump Bag
  ☆27Apr 25, 2024Updated last year
• sumeshi / evtx2es

  View on GitHub
  A library for fast parse & import of Windows Eventlogs into Elasticsearch.
  ☆86Jun 23, 2025Updated 7 months ago