microsoft / msticpyLinks
Microsoft Threat Intelligence Security Tools
☆1,903Updated last week
Alternatives and similar repositories for msticpy
Users that are interested in msticpy are comparing it to the libraries listed below
Sorting:
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,073Updated 10 months ago
- Detect Tactics, Techniques & Combat Threats☆2,207Updated 2 months ago
- Sample queries for Advanced hunting in Microsoft 365 Defender☆2,030Updated 3 years ago
- Re-play Security Events☆1,682Updated last year
- Open Source Security Events Metadata (OSSEM)☆1,275Updated 2 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆943Updated 2 years ago
- Splunk Security Content☆1,508Updated this week
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,560Updated this week
- Windows Events Attack Samples☆2,424Updated 2 years ago
- Cyber Analytics Repository☆962Updated 4 months ago
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…☆685Updated last month
- A repository of curated datasets from various attacks☆679Updated this week
- A knowledge base of actionable Incident Response techniques☆650Updated 3 years ago
- Hunting queries and detections☆838Updated 3 weeks ago
- Cyber Threat Intelligence Repository expressed in STIX 2.0☆1,954Updated 2 months ago
- Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.☆601Updated this week
- Actionable analytics designed to combat threats☆1,001Updated 3 years ago
- Scripts and a (future) library to improve users' interactions with the ATT&CK content☆586Updated last year
- A python module for working with ATT&CK☆601Updated this week
- Sophos-originated indicators-of-compromise from published reports☆633Updated 2 months ago
- ReversingLabs YARA Rules☆858Updated 2 weeks ago
- A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE AT…☆1,199Updated 2 weeks ago
- Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysi…☆1,286Updated 2 years ago
- A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.☆891Updated last year
- A framework for developing alerting and detection strategies for incident response.☆794Updated last month
- TrustedSec Sysinternals Sysmon Community Guide☆1,235Updated 2 months ago
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,360Updated this week
- ☆2,335Updated last year
- A repository of sysmon configuration modules☆2,873Updated last year
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,165Updated 2 years ago