michalpurzynski / suricata-rules
Example Suricata rules implementing some of my detection tactics
☆20Updated last year
Related projects: ⓘ
- A few quick recipes for those that do not have much time during the day☆21Updated 3 weeks ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆17Updated 4 years ago
- Build Automated Machine Images for MISP☆28Updated last year
- ☆12Updated 4 years ago
- A set of tools and procedures for automating NSM and NIDS deployments in AWS☆16Updated 3 years ago
- Acheron is a RESTful vulnerability assessment and management framework built around search and dedicated to terminal extensibility.☆30Updated last year
- Threat hunting repo for my independent study on threat hunting with OSQuery☆28Updated 6 years ago
- Workflows for Shuffle☆20Updated last year
- These are some of the commands which I use frequently during Malware Analysis and DFIR.☆25Updated 8 months ago
- Subscriptions to collect Windows Event Logs mapped to the MITRE ATT&CK model☆12Updated 3 years ago
- Osquery Packs we use for customer security hardening☆12Updated 6 months ago
- Sharing Threat Hunting runbooks☆24Updated 5 years ago
- Sysmon Tools for PowerShell☆12Updated 6 years ago
- Generic Signature Format for SIEM Systems☆14Updated 2 years ago
- A python script to acquire multiple aws ec2 instances in a forensically sound-ish way☆37Updated 2 years ago
- Automatic detection engineering technical state compliance☆49Updated 2 months ago
- ☆15Updated 2 years ago
- A packer utility to create and capture DFIR Image for use AWS & Azure☆14Updated 4 years ago
- TITO is a light framework for operationalizing threat intelligence that is platform and data agnostic.☆20Updated 4 years ago
- ☆33Updated 3 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆51Updated 3 years ago
- Threat Hunting with ELK Workshop (InfoSecWorld 2017)☆64Updated 6 years ago
- Triage automation for suspect URLs☆13Updated 5 years ago
- ☆10Updated 3 years ago
- Check IOC provided by a MISP instance on Suricata events☆17Updated 5 years ago
- pollen - A command-line tool for interacting with TheHive☆34Updated 5 years ago
- A repository of Sysmon For Linux configuration modules☆14Updated 2 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆36Updated last year
- YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack☆15Updated 3 years ago
- SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab☆37Updated 4 years ago