Alternatives and similar repositories for mstic:

Users that are interested in mstic are comparing it to the libraries listed below

• ashwin-patil / blue-teaming-with-kql
  Repository with Sample KQL Query examples for Threat Hunting
  ☆202Updated 2 years ago
• PwC-IR / Office-365-Extractor
  The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
  ☆259Updated 2 years ago
• microsoft / AzDetectSuite
  A collection of ARM-based detections for Azure/AzureAD based TTPs
  ☆82Updated last year
• OTRF / infosec-jupyter-book
  The Infosec Community Definitive Guide to Jupyter Notebooks
  ☆120Updated 4 years ago
• Azure / MDTI-Solutions
  Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product
  ☆78Updated 4 months ago
• f-bader / AzSentinelQueries
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆78Updated last week
• wortell / KQL
  KQL queries for Advanced Hunting
  ☆167Updated 5 years ago
• siriussecurity / dettectinator
  Dettectinator - The Python library to your DeTT&CT YAML files.
  ☆107Updated this week
• MicrosoftDocs / security
  Public repo to sync with security-pr
  ☆214Updated this week
• randomaccess3 / Awesome-BEC
  Repository of attack and defensive information for Business Email Compromise investigations
  ☆237Updated last month
• lawndoc / AdvancedHuntingQueries
  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
  ☆115Updated 5 months ago
• microsoft / EventLogExpert
  ☆129Updated this week
• reprise99 / kql-for-dfir
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆98Updated 2 years ago
• OTRF / OSSEM-DD
  OSSEM Data Dictionaries
  ☆59Updated 4 months ago
• The-DFIR-Report / Sigma-Rules
  Rules generated from our investigations.
  ☆188Updated 2 months ago
• OTRF / OSSEM-DM
  OSSEM Detection Model
  ☆174Updated 2 years ago
• ANSSI-FR / DFIR-O365RC
  PowerShell module for Office 365 and Azure log collection
  ☆253Updated 2 months ago
• Cloud-Architekt / AzureSentinel
  Sharing my KQL queries for Azure Sentinel
  ☆144Updated last month
• jangeisbauer / AdvancedHunting
  Advanced Hunting Queries for Microsoft Security Products
  ☆106Updated 2 years ago
• OTRF / Blacksmith
  Building environments to replicate small networks and deploy applications
  ☆318Updated last year
• inodee / spl-to-kql
  The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…
  ☆39Updated 4 years ago
• eshlomo1 / Microsoft-Sentinel-SecOps
  Microsoft Sentinel SOC Operations
  ☆244Updated 6 months ago
• center-for-threat-informed-defense / insider-threat-ttp-kb
  The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…
  ☆142Updated 4 months ago
• le0li9ht / Microsoft-Sentinel-Queries
  KQL queries for cyber defense and for solving daily issues
  ☆46Updated 3 months ago
• microsoft / msticpy-lab
  A lab environment for learning about MSTICPy
  ☆36Updated last year
• mbabinski / Sigma-Rules
  A repository of my own Sigma detection rules.
  ☆156Updated 4 months ago
• microsoft / Azure-Threat-Research-Matrix
  ☆71Updated 7 months ago
• miladaslaner / AdvHuntingCheatSheet
  Microsoft Threat Protection Advance Hunting Cheat Sheet
  ☆78Updated 4 years ago
• invictus-ir / Microsoft-Extractor-Suite
  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
  ☆517Updated 3 weeks ago
• alexverboon / Hunting-Queries-Detection-Rules
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆117Updated last month