Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
☆24Mar 3, 2023Updated 3 years ago
Alternatives and similar repositories for splunk_pstree_app
Users that are interested in splunk_pstree_app are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆33Feb 26, 2022Updated 4 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆12Jul 1, 2021Updated 4 years ago
- ☆24Mar 12, 2025Updated last year
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Feb 1, 2021Updated 5 years ago
- ☆34Aug 8, 2023Updated 2 years ago
- ☆13Feb 6, 2018Updated 8 years ago
- This is a python script that can be run on each Splunk Indexer for the purpose of exporting historical bucket data (raw events + metadata…☆12Jan 31, 2024Updated 2 years ago
- scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content☆31Jul 1, 2024Updated last year
- SIEGMA - Transform Sigma rules into SIEM consumables☆159Mar 10, 2025Updated last year
- Twitter Search to Cisco Threat Response Casebook [v1.0]☆15Dec 8, 2022Updated 3 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- My experiments in weaponizing Nim (https://nim-lang.org/)☆14Nov 30, 2021Updated 4 years ago
- pySigma Splunk backend☆42Mar 16, 2026Updated last week
- MISP to Splunk Enterprise Security Theat Intelligence Framework Integration☆14Jul 11, 2023Updated 2 years ago
- Mass Triage Tools☆20Mar 10, 2026Updated 2 weeks ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- Knowing which rule should trigger according to the redcannary test☆11Nov 23, 2024Updated last year
- ☆19Aug 6, 2021Updated 4 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- ☆11Oct 13, 2020Updated 5 years ago
- Transform Linux Audit logs for SIEM usage☆821Mar 5, 2026Updated 2 weeks ago
- A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…☆17Jan 28, 2026Updated last month
- Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht…☆24Jun 20, 2023Updated 2 years ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- MAL-CL (Malicious Command-Line)☆322Jan 10, 2023Updated 3 years ago
- ☆19Jan 27, 2022Updated 4 years ago
- ☆43May 22, 2021Updated 4 years ago
- Look into EDR events from network☆25Nov 20, 2025Updated 4 months ago
- A little scanner to check the LDAP Signing state☆46Aug 2, 2021Updated 4 years ago
- ☆42Sep 16, 2022Updated 3 years ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆90Sep 16, 2023Updated 2 years ago
- Lokix Platform is a free open-source solution to help blue teams and threat hunters use Loki Scanner to sweep enterprise networks☆25Aug 8, 2020Updated 5 years ago
- This is a sample script how to parse the Talos blogs, and automatically add observables to Cisco Casebook.☆18May 22, 2023Updated 2 years ago
- Ingest demo logs using API and log.ingest access tokens☆15Mar 18, 2026Updated last week
- Converts Sigma detection rules to a Splunk alert configuration.☆115May 18, 2020Updated 5 years ago
- simple webapp for converting sigma rules into siem queries using the pySigma library☆50Sep 1, 2023Updated 2 years ago
- The Intelligent Process Lifecycle of Active Cyber Defenders☆33Jan 1, 2023Updated 3 years ago
- A demontration of disassemblers generated by sleigh2rust☆13Nov 25, 2024Updated last year
- Automatically create YARA rules from malicious documents.☆211May 16, 2022Updated 3 years ago