olafhartong / sysmon-modular-linux
A repository of Sysmon For Linux configuration modules
☆15Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for sysmon-modular-linux
- ☆41Updated 7 months ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆40Updated 4 years ago
- Automated detection rule analysis utility☆29Updated 2 years ago
- Automatic detection engineering technical state compliance☆51Updated 4 months ago
- Threat Mitigation Strategies☆25Updated last year
- A list of Mitre Caldera compatible emulation-plans☆14Updated 3 years ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆16Updated last year
- ☆37Updated 2 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 2 years ago
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆18Updated last year
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆25Updated 2 years ago
- Incident Response Report Using GitHub-Sphinx☆19Updated 5 years ago
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE☆26Updated 6 months ago
- Windows Security Logging☆43Updated 2 years ago
- Placeholder for my detection repo and misc detection engineering content☆43Updated last year
- OSSEM Modular☆27Updated 4 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own.☆38Updated last year
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated last month
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- ☆25Updated 3 years ago
- Hundred Days of Yara Challenge☆12Updated 2 years ago
- ShellSweeping the evil.☆52Updated 5 months ago
- BloodHound Data Scanner☆44Updated 4 years ago
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆15Updated 3 weeks ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆88Updated 2 years ago
- Repository for SPEED SIEM Use Case Framework☆52Updated 4 years ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago