murchisd / splunk_pstree_app
Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
☆23Updated 2 years ago
Alternatives and similar repositories for splunk_pstree_app:
Users that are interested in splunk_pstree_app are comparing it to the libraries listed below
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- Automatic detection engineering technical state compliance☆55Updated 9 months ago
- Library of threat hunts to get any user started!☆44Updated 4 years ago
- Recon Hunt Queries☆77Updated 3 years ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.☆38Updated last year
- pySigma Splunk backend☆38Updated 2 months ago
- The Intelligent Process Lifecycle of Active Cyber Defenders☆31Updated 2 years ago
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 3 years ago
- ShellSweeping the evil.☆52Updated 10 months ago
- A pySigma wrapper to manage detection rules.☆37Updated 2 weeks ago
- ☆21Updated last year
- Automated detection rule analysis utility☆29Updated 2 years ago
- Jupyter Notebooks for Cyber Threat Intelligence☆35Updated last year
- ☆19Updated 2 years ago
- YARA rule analyzer to improve rule quality and performance☆99Updated 2 weeks ago
- OSSEM Data Dictionaries☆59Updated 3 months ago
- Threat Detection & Anomaly Detection rules for popular open-source components☆51Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆72Updated 3 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆67Updated last year
- Web app that provides basic navigation and annotation of ATT&CK matrices☆16Updated 4 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated 6 months ago
- ☆87Updated last year
- Import specific data sources into the Sigma generic and open signature format.☆78Updated 2 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆38Updated last month
- Simple PowerShell script to enable process scanning with Yara.☆93Updated 2 years ago
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago
- ☆34Updated 6 months ago
- My conference presentations☆66Updated last year
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- A collection of tips for using MISP.☆74Updated 4 months ago