microsoft / MSTIC-SysmonLinks
Anything Sysmon related from the MSTIC R&D team
☆153Updated last year
Alternatives and similar repositories for MSTIC-Sysmon
Users that are interested in MSTIC-Sysmon are comparing it to the libraries listed below
Sorting:
- ☆68Updated 4 months ago
- OSSEM Data Dictionaries☆61Updated 5 months ago
- ☆130Updated last year
- Sysmon EDR POC Build within Powershell to prove ability.☆225Updated 4 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆203Updated 2 years ago
- Blueteam operational triage registry hunting/forensic tool.☆148Updated 2 years ago
- OSSEM Detection Model☆176Updated 2 years ago
- Sigma rules from Joe Security☆216Updated 7 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆154Updated 3 years ago
- Rules generated from our investigations.☆195Updated last week
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆91Updated 2 weeks ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆167Updated 2 years ago
- YARA rule analyzer to improve rule quality and performance☆102Updated 2 months ago
- Powershell module for VMWare vSphere forensics☆152Updated 7 months ago
- MDE relies on some of the Audit settings to be enabled☆98Updated 2 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆151Updated 3 months ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆104Updated last month
- Detection Ideas & Rules repository.☆179Updated 3 years ago
- Active C&C Detector☆154Updated last year
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆53Updated 2 months ago
- Full of public notes and Utilities☆117Updated 4 months ago
- My conference presentations☆66Updated last year
- The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson☆154Updated 2 years ago
- ☆87Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files.☆114Updated 2 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77Updated last year
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆79Updated last month
- A python script developed to process Windows memory images based on triage type.☆262Updated last year
- Signature engine for all your logs☆170Updated last year
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆93Updated 3 years ago