Alternatives and similar repositories for examples

Users that are interested in examples are comparing it to the libraries listed below

• aws-samples / amazon-security-lake-ocsf-validation
  ☆33Updated 3 months ago
• ocsf / ocsf-docs
  OCSF Documentation
  ☆129Updated last week
• runreveal / sigmalite
  ☆44Updated 3 months ago
• shellcromancer / audit-log-wall-of-shame
  Audit log wall of shame.
  ☆41Updated 8 months ago
• jshlbrd / detection-engineering-pocket-guide
  pocket guide for core detection engineering concepts
  ☆28Updated 2 years ago
• zmallen / cloudtrail2sightings
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆80Updated 2 years ago
• oasis-open / cti-stix-validator
  OASIS TC Open Repository: Validator for STIX 2.0 JSON normative requirements and best practices
  ☆52Updated 3 months ago
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆163Updated 3 months ago
• tuckner / automation-capability-matrix
  A tool that allows you to document and assess any security automation in your SOC
  ☆46Updated 7 months ago
• dwillowtree / diana
  Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )
  ☆186Updated 9 months ago
• DataDog / workload-security-evaluator
  Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.
  ☆31Updated 8 months ago
• prowler-cloud / py-ocsf-models
  OCSF (https://schema.ocsf.io/) models in Python using Pydantic.
  ☆23Updated last week
• threat-punter / detection-as-code-example
  A POC to implement Detection-as-Code with Terraform and Sumo Logic.
  ☆29Updated last year
• center-for-threat-informed-defense / attack-workbench-rest-api
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆47Updated this week
• anvilogic-forge / armory
  Anvilogic Forge
  ☆104Updated 3 weeks ago
• invictus-ir / aws-cheatsheet
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆74Updated last year
• adanalvarez / TrailDiscover
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆162Updated 2 weeks ago
• carta / krang
  Knowledge Report Alert & Normalization Generator
  ☆27Updated last year
• splunk / contentctl
  Splunk Content Control Tool
  ☆113Updated this week
• okta / customer-detections
  ☆132Updated last month
• aws-samples / jupyter-notebook-for-incident-response
  A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…
  ☆147Updated last year
• vectra-ai-research / derf
  DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…
  ☆97Updated last year
• Algbra-Labs-OSS / Chronicle
  ☆65Updated last year
• hashicorp-forge / grove
  A Software as a Service (SaaS) log collection framework.
  ☆173Updated this week
• panther-labs / panther_analysis_tool
  Command line tool for working with Panther rules and policies
  ☆39Updated this week
• k-bailey / detection-engineering-maturity-matrix
  ☆95Updated 2 years ago
• gertjanbruggink / metrics
  This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.
  ☆112Updated 7 months ago
• splunk / salo
  Synthetic Adversarial Log Objects: A Framework for synthentic log generation
  ☆82Updated last year
• opencybersecurityalliance / PACE
  Posture Attribute Collection and Evaluation
  ☆23Updated 2 years ago
• CrowdStrike / detection-container
  ☆46Updated last year