mvelazc0 / Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
☆175Updated 3 years ago
Related projects: ⓘ
- Main Build directory☆176Updated 5 years ago
- Mitre Att&ck Technique Emulation☆82Updated 5 years ago
- PowerShell No Agent Hunting☆107Updated 6 years ago
- Test Blue Team detections without running any attack.☆269Updated 4 months ago
- Automated, Collection, and Enrichment Platform☆322Updated 4 years ago
- Threat Alert Logic Repository☆88Updated 5 years ago
- Collecting & Hunting for IOCs with gusto and style☆235Updated 3 years ago
- Tools for the Computer Incident Response Team☆141Updated 7 years ago
- ☆344Updated 3 years ago
- Understanding ATT&CK Matrix for Enterprise☆79Updated 6 years ago
- Assimilate is a series of scripts for using the Naïve Bayes algorithm to find potential malicious activity in HTTP headers☆90Updated 6 years ago
- Query and report user logons relations from MS Windows Security Events☆240Updated 6 years ago
- Primary data pipelines for intrusion detection, security analytics and threat hunting☆86Updated 2 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆158Updated 5 years ago
- A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files…☆71Updated 2 years ago
- Log Entry to Sigma Rule Converter☆105Updated 2 years ago
- ☆80Updated this week
- Searches For Threat Hunting and Security Analytics☆238Updated 3 years ago
- Powershell Threat Hunting Module☆274Updated 7 years ago
- Office365 Log Analysis Framework☆81Updated 5 years ago
- IR-Tools - PowerShell tools for IR☆128Updated 7 years ago
- Python script to decode common encoded PowerShell scripts☆214Updated 6 years ago
- Serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch.☆139Updated last year
- Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments☆391Updated 6 months ago
- Automated Tactics Techniques & Procedures☆251Updated last year
- All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns☆65Updated 3 years ago
- ☆158Updated 3 years ago
- A Splunk app to use MISP in background☆109Updated 8 months ago
- Cuckoo Sandbox is an automated dynamic malware analysis system☆106Updated 4 years ago
- Invoke-LiveResponse☆145Updated 2 years ago