Alternatives and similar repositories for kafka-sigma-streams

Users that are interested in kafka-sigma-streams are comparing it to the libraries listed below

• berthayes / cp-zeek
  Analyze Zeek IDS data with ksqlDB running on Confluent Platform via Docker on your laptop. Or spin up an arbitrary number of AWS hosts, …
  ☆11Updated 3 years ago
• humio / security_monitoring
  ☆42Updated 2 years ago
• aacgood / Cortex-Analyzers
  A collection of Cortex Analyzers and Responders for TheHive/Cortex
  ☆13Updated 5 years ago
• bentleymi / ChatGPT-4-Splunk
  Splunk TA for sending completion requests to ChatGPT
  ☆25Updated last year
• counteractive / o365beat
  Elastic Beat for fetching and shipping Office 365 audit events
  ☆68Updated 5 years ago
• inodee / spl-to-kql
  The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…
  ☆43Updated 4 years ago
• Nclose-ZA / elastalert_hive_alerter
  This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.
  ☆27Updated 4 years ago
• nturley3 / zeek-kerberos-haters-guide
  Kerberos Haters Guide to Zeek Threat Hunting
  ☆31Updated 3 years ago
• mdecrevoisier / Splunk-input-windows-baseline
  Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…
  ☆94Updated 2 months ago
• jokezone / Update-Sysmon
  This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
  ☆82Updated 2 years ago
• LDO-CERT / mans_to_es
  Parses the FireEye HX .mans triage collections and sends them to ElasticSearch
  ☆15Updated 2 years ago
• LaresLLC / SysmonConfigPusher
  Pushes Sysmon Configs
  ☆88Updated 4 years ago
• olafhartong / TA-Sysmon-deploy
  Deploy and maintain Symon through the Splunk Deployment Sever
  ☆30Updated 5 years ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆94Updated 3 years ago
• splunk / TA-osquery
  A Splunk technology add-on for osquery
  ☆14Updated 2 weeks ago
• FalconForceTeam / KQLAnalyzer
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆38Updated last month
• high101bro / PoSh-EasyWin
  PowerShell - Endpoint Analysis Solution Your Windows Intranet Needs
  ☆48Updated 9 months ago
• SentineLabs / S1QL-Queries
  ☆65Updated 2 years ago
• MHaggis / sysmon-splunk-app
  Sysmon Splunk App
  ☆47Updated 7 years ago
• thremulation-station / thremulation-station
  Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
  ☆38Updated last year
• socprime / soc_workflow_app_ce
  SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…
  ☆94Updated 3 years ago
• Neo23x0 / sysmon-version-history
  An Inofficial Sysmon Version History (Change Log)
  ☆33Updated 4 years ago
• Velocidex / evtx-data
  Publicly shareable windows event log message data
  ☆27Updated 5 years ago
• j91321 / ansible-role-sysmon
  Ansible role for installing Sysmon with popular config files included.
  ☆25Updated 2 years ago
• olafhartong / MDE-AuditCheck
  MDE relies on some of the Audit settings to be enabled
  ☆99Updated 3 years ago
• airbus-cert / ntTraceControl
  Powershell Event Tracing Toolbox
  ☆77Updated 3 years ago
• HASecuritySolutions / LogCampaign
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆54Updated 3 years ago
• CCXLabs / CCXDigger
  The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cybe…
  ☆45Updated 5 years ago
• olafhartong / WDACme
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆29Updated 3 months ago
• corelight / raspi-corelight
  Corelight@Home script
  ☆44Updated last year