olafhartong / detection-sources
☆53 (Mar 4, 2019, updated 6 years ago)
Alternatives and similar repositories for detection-sources
Users that are interested in detection-sources are comparing it to the libraries listed below
- Sysmon config for both Windows and Linux devices. The Windows one is a bit dated (☆55, Jul 10, 2024, updated last year)
- ☆14 (Feb 8, 2020, updated 6 years ago)
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository (☆111, Feb 6, 2020, updated 6 years ago)
- ☆349 (Mar 19, 2021, updated 4 years ago)
- Threat Alert Logic Repository (☆93, Feb 7, 2019, updated 7 years ago)
- ☆11 (Jun 11, 2025, updated 8 months ago)
- A collection of Cortex Analyzers and Responders for TheHive/Cortex (☆13, Jan 29, 2020, updated 6 years ago)
- An npm package to defang and refang IoCs (☆12, Sep 7, 2025, updated 5 months ago)
- Matt's DFIR blog (☆14, Jul 28, 2025, updated 6 months ago)
- A collection of notebooks built for defensive and offensive operations (☆77, Oct 13, 2020, updated 5 years ago)
- Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation (☆15, Aug 17, 2018, updated 7 years ago)
- Pcaps for PeddleCheap and implant communication, plus a script for interpreting and decrypting the pcaps (☆17, Nov 29, 2017, updated 8 years ago)
- Malformed Access Log to CSV: convert web server access logs to CSV (☆18, Sep 3, 2024, updated last year)
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts (☆1,173, Jul 26, 2023, updated 2 years ago)
- Actionable analytics designed to combat threats (☆1,006, May 25, 2022, updated 3 years ago)
- A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework (☆355, Nov 3, 2020, updated 5 years ago)
- Splunk Technology Add-On (TA) for collecting ETW events from Windows systems (☆17, Dec 8, 2022, updated 3 years ago)
- Please see other maintained fork: (☆17, Dec 4, 2025, updated 2 months ago)
- Automated Use Case Testing (☆171, May 1, 2018, updated 7 years ago)
- ☆168 (Jan 20, 2021, updated 5 years ago)
- Cyber Analytics Platform and Examination System (CAPES) project page (☆60, Aug 3, 2019, updated 6 years ago)
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK (☆1,077, Nov 28, 2024, updated last year)
- Incident response scripts (☆18, Mar 4, 2019, updated 6 years ago)
- A script to create and assign SOP tasks into cases (☆20, Aug 16, 2020, updated 5 years ago)
- ☆18 (Dec 24, 2018, updated 7 years ago)
- OSSEM Data Dictionaries (☆65, Jan 22, 2025, updated last year)
- Deploy and maintain Sysmon through the Splunk Deployment Server (☆32, Jul 30, 2020, updated 5 years ago)
- Re-play Security Events (☆1,723, Mar 20, 2024, updated last year)
- A DFVFS-backed forensic viewer (☆42, Apr 13, 2020, updated 5 years ago)
- ☆20 (Jan 12, 2022, updated 4 years ago)
- Windows Events Attack Samples (☆2,507, Jan 24, 2023, updated 3 years ago)
- KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework (☆18, Nov 7, 2024, updated last year)
- Investigate suspicious activity by visualizing Sysmon's event log (☆431, Dec 22, 2023, updated 2 years ago)
- ☆823 (Jun 1, 2023, updated 2 years ago)
- This repository is a curated list of pro bono incident response entities (☆21, Jun 21, 2023, updated 2 years ago)
- Test Blue Team detections without running any attack (☆272, May 2, 2024, updated last year)
- InvestigationPlaybookSpec (☆71, Sep 26, 2017, updated 8 years ago)
- Maintain Windows persistence with an evil Netshell Helper DLL (☆12, Jul 28, 2018, updated 7 years ago)
- Collection of malware IoC hashes from blog posts. A Python script is provided to search through it (☆19, Sep 10, 2020, updated 5 years ago)