morrigan / user-behavior-anomaly-detector
User anomaly detector based on logs generated by Osquery framework and machine learning to process those logs.
☆33Updated 7 years ago
Related projects: ⓘ
- This use case aims to leverage stream reasoning techniques and the concept of semantic importance to detect one attacking type of the ins…☆22Updated 7 years ago
- A completely automated anomaly detector Zeek network flows files (conn.log).☆72Updated last month
- Utility for parsing Bro log files into CSV or JSON format☆41Updated last year
- CTI database generator and public dataset☆21Updated 4 years ago
- DGA Domain Detection using Bigram Frequency Analysis☆52Updated 7 years ago
- Mapping NSM rules to MITRE ATT&CK☆68Updated 4 years ago
- Data sets and examples for Jask Labs Blackhat 2017 Handout: Top 10 Machine Learning Cyber Security Use Cases☆30Updated 7 years ago
- The stratosphere testing framework is mean to help in the researching and verification of the behavioral models used by the Stratoshpere …☆50Updated 6 years ago
- DGA Domains detection☆62Updated 6 years ago
- A collection of resources for security data☆39Updated 6 years ago
- A framework for the Analysis of Intrusion Detection Alerts☆16Updated 2 years ago
- A series of labs that will help users apply various data science techniques to security related data.☆130Updated 9 years ago
- An anomaly-based intrusion detection system.☆81Updated last year
- Network timing evaluation used to detect beacons, works with argus flow as the source☆18Updated 8 years ago
- Generate STIX XML from OpenIOC XML☆89Updated 5 years ago
- Sweet, sweet, secrepo.com html.☆133Updated 2 years ago
- Bro/Zeek integration with osquery☆95Updated 3 years ago
- A tool to extract structured cyber information from incident reports.☆78Updated 6 years ago
- Graph Representation of MITRE ATT&CK's CTI data☆47Updated 4 years ago
- MulVAL: A logic-based, data-driven enterprise network security analyzer - Originally developed at Kansas State University, updated for Cy…☆31Updated 4 months ago
- Insider Threat Detection using Isolation Forest☆16Updated 6 years ago
- Detecting DNS Spoofing, DNS Tunneling, DNS Exfiltration☆35Updated 8 years ago
- My notes on various topics☆64Updated 11 months ago
- Detection of malicious domains via character co-occurrence analysis in URL's.☆9Updated 8 years ago
- Classifier to separate legitimate domains from those generated by a domain generating algorithm (DGA).☆42Updated 7 years ago
- A web-based tool to assist the work of the intuitive threat analysts.☆110Updated 5 years ago
- Detection of malware using dynamic behavior and Windows audit logs☆77Updated 9 years ago
- CybOX Schemas and Schema Development☆42Updated 7 years ago
- ☆32Updated 6 years ago
- SIAC is an enterprise SIEM built on open-source technology.☆114Updated 5 years ago