op7ic / amphuntLinks
This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for threats, analyze endpoint behavior, and detect potential compromises across the environment using API version 0 and 1.
☆14Updated last month
Alternatives and similar repositories for amphunt
Users that are interested in amphunt are comparing it to the libraries listed below
Sorting:
- Triage automation for suspect URLs☆13Updated 6 years ago
- ☆39Updated 5 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 6 years ago
- THOR MITRE ATT&CK Framework Coverage☆25Updated 5 years ago
- An Installation Script for Bro IDS on Debian Based Systems☆20Updated 5 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- ☆13Updated 5 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- Incident Response Network Tools☆24Updated 4 years ago
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Updated 4 years ago
- automate your MISP installs☆68Updated 5 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- Defence Against the Dark Arts☆34Updated 5 years ago
- A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the…☆49Updated last year
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- ☆28Updated last month
- A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my bl…☆55Updated 7 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆44Updated 5 years ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Updated last year
- A simple many-rules to many-files YARA scanner for incident response or malware zoos.☆26Updated 7 years ago
- Docker Container to deploy Mitre Caldera Automated Adversary Emulation System☆26Updated 4 years ago
- Automatic Sender Policy Framework Reconnaissance☆19Updated 7 years ago
- pollen - A command-line tool for interacting with TheHive☆35Updated 6 years ago
- Maltego transform for visualizing Nessus scan data☆47Updated 5 years ago
- ☆46Updated 2 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own.☆37Updated 2 years ago
- An extendable tool to extract and aggregate IoCs from threat feeds☆33Updated last year
- Snapshot, patch, health-check, and potentially roll-back Windows VMs☆34Updated 7 years ago
- A tool to assess data quality, built on top of the awesome OSSEM.☆78Updated 3 years ago
- Wrap any binary into a cached webserver☆53Updated 3 years ago