microsoft / tim-data-investigate-platform
TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes collaboration through shared queries (pivots) and centralized tagged events.
☆21Updated 8 months ago
Alternatives and similar repositories for tim-data-investigate-platform:
Users that are interested in tim-data-investigate-platform are comparing it to the libraries listed below
- A preconfigured Velociraptor triage collector☆51Updated this week
- A high-speed forensic timeline creation tool for DFIR Investigators to quickly combine CSV files from EZ Tools/Kape, Axiom, Hayabusa, Cha…☆42Updated this week
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆84Updated 2 months ago
- ☆21Updated 2 years ago
- ☆21Updated 2 months ago
- Remote access and Antivirus Logging Database☆42Updated 11 months ago
- A pySigma wrapper to manage detection rules.☆37Updated last week
- ☆36Updated 4 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆37Updated last month
- USN Journal full path builder☆59Updated 7 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆17Updated last week
- Azure function to insert MISP data in to Azure Sentinel☆32Updated 2 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆86Updated 8 months ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆12Updated last month
- Sigma detection rules for hunting with the threathunting-keywords project☆55Updated last month
- ☆72Updated 6 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- ☆23Updated 7 months ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated 6 months ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆105Updated 4 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated last year
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆15Updated 2 years ago
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆23Updated 2 weeks ago
- Collection of scripts provided for public use☆34Updated last week
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆52Updated 2 years ago
- Hunting Queries for Defender ATP☆81Updated last week
- Tools and scripts to deploy and manage OpenRelik instances☆13Updated 2 months ago
- ☆34Updated 6 months ago
- Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.☆20Updated 3 months ago