nccgroup / JA3_outlier
Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
☆15Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for JA3_outlier
- A few quick recipes for those that do not have much time during the day☆21Updated last week
- Conceptual Methods for Finding Commonalities in Macho Files☆12Updated 7 months ago
- Presentation materials for talks I've given.☆20Updated 5 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- ☆12Updated 3 years ago
- Threat Detection Rules (Snort/Sigma/Yara)☆13Updated 9 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- Links to malware-related YARA rules☆14Updated 2 years ago
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- A tool to help malware analysts signature unique parts of RTF documents☆29Updated 9 months ago
- Log aggregation, analysis, alerting and correlation for Windows, Syslog and text based logs.☆25Updated 8 years ago
- Threat hunting with EQL and Bro. This repo contains modifications to EQL and EQLLib to use BRO logs.☆8Updated 5 years ago
- Searches for Insider Threat Hunting☆30Updated 5 years ago
- A set of tools for collecting forensic information☆26Updated 4 years ago
- ☆11Updated 3 years ago
- Indicators of Normality☆12Updated 2 years ago
- Send High & New Incidents to The Hive incident management Platform☆17Updated 3 years ago
- MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indi…☆15Updated 10 months ago
- ☆24Updated 2 years ago
- Windows Security Logging☆43Updated 2 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆30Updated 4 years ago
- ☆19Updated 4 years ago
- Integration between MISP platform and McAfee MVISION EDR☆14Updated 2 years ago
- Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)☆43Updated 2 years ago
- An extension of the sigma standard to include security metrics.☆15Updated last year
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 2 years ago
- Globally distributed honeypots and HoneyNets IOCs and file reversing☆16Updated 6 months ago
- Old home of LimaCharlie, open source EDR☆28Updated last year