murchisd / splunk_pstree_app
Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
☆22 · Updated last year
Related projects
Alternatives and complementary repositories for splunk_pstree_app
- Automated detection rule analysis utility ☆29 · Updated 2 years ago
- Library of threat hunts to get any user started! ☆40 · Updated 4 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) ☆30 · Updated 10 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆68 · Updated 11 months ago
- The Intelligent Process Lifecycle of Active Cyber Defenders ☆31 · Updated last year
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. ☆35 · Updated 11 months ago
- Automatic detection engineering technical state compliance ☆50 · Updated 4 months ago
- Recon Hunt Queries ☆75 · Updated 3 years ago
- Collection of scripts provided for public use ☆31 · Updated 3 weeks ago
- Import specific data sources into the Sigma generic and open signature format. ☆77 · Updated 2 years ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project ☆49 · Updated last week
- Attack Range to test detection against native serverless cloud services and environments ☆35 · Updated 3 years ago
- Web app that provides basic navigation and annotation of ATT&CK matrices ☆16 · Updated 4 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix ☆72 · Updated 2 years ago
- Detection Ideas & Rules repository. ☆178 · Updated 3 years ago
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. ☆76 · Updated 2 years ago
- Repository for SPEED SIEM Use Case Framework ☆52 · Updated 4 years ago
- YARA rule analyzer to improve rule quality and performance ☆93 · Updated 11 months ago
- My conference presentations ☆66 · Updated last year
- (no description) ☆31 · Updated 3 weeks ago
- (no description) ☆84 · Updated 8 months ago
- Python library for threat intelligence ☆79 · Updated 4 months ago
- List of sigma for a variety of threats for multiple log sources. ☆11 · Updated 5 years ago
- ShellSweeping the evil. ☆52 · Updated 4 months ago
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte… ☆72 · Updated this week
- attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage ☆111 · Updated last year
- Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop ☆56 · Updated 3 weeks ago