murchisd / splunk_pstree_app
Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
☆23 · Updated 2 years ago
Alternatives and similar repositories for splunk_pstree_app:
Users that are interested in splunk_pstree_app are comparing it to the libraries listed below
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆76 · Updated last year)
- Library of threat hunts to get any user started! (☆42 · Updated 4 years ago)
- Automated detection rule analysis utility (☆29 · Updated 2 years ago)
- Automatic detection engineering technical state compliance (☆55 · Updated 9 months ago)
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. (☆38 · Updated last year)
- The Intelligent Process Lifecycle of Active Cyber Defenders (☆31 · Updated 2 years ago)
- (☆87 · Updated last year)
- Converts Sigma detection rules to a Splunk alert configuration. (☆13 · Updated 3 years ago)
- Simple PowerShell script to enable process scanning with Yara. (☆93 · Updated 2 years ago)
- OSSEM Data Dictionaries (☆59 · Updated 2 months ago)
- YARA rule analyzer to improve rule quality and performance (☆98 · Updated 3 months ago)
- Simple webapp for converting Sigma rules into SIEM queries using the pySigma library (☆47 · Updated last year)
- Recon Hunt Queries (☆76 · Updated 3 years ago)
- ShellSweeping the evil. (☆52 · Updated 9 months ago)
- pySigma Splunk backend (☆36 · Updated last month)
- Incident response teams usually work on offline data, collecting the evidence, then analyzing the data (☆44 · Updated 3 years ago)
- Import specific data sources into the Sigma generic and open signature format. (☆78 · Updated 2 years ago)
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. (☆76 · Updated 3 years ago)
- Jupyter Notebooks for Cyber Threat Intelligence (☆36 · Updated last year)
- Blueteam operational triage registry hunting/forensic tool. (☆145 · Updated last year)
- (☆44 · Updated last year)
- (☆33 · Updated 5 months ago)
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) (☆33 · Updated last year)
- My conference presentations (☆66 · Updated last year)
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition (☆63 · Updated 2 years ago)
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… (☆52 · Updated last year)
- Python library for threat intelligence (☆85 · Updated 2 months ago)
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch (☆34 · Updated 3 years ago)
- (☆21 · Updated last year)
- Detection Ideas & Rules repository. (☆179 · Updated 3 years ago)