op7ic / amphunt
This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for threats, analyze endpoint behavior, and detect potential compromises across the environment using API version 0 and 1.
☆14 · Updated 3 months ago
Alternatives and similar repositories for amphunt
Users that are interested in amphunt are comparing it to the libraries listed below
- THOR MITRE ATT&CK Framework Coverage☆25Updated 5 years ago
- Triage automation for suspect URLs☆13Updated 6 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- ☆13Updated 6 years ago
- A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the…☆49Updated last month
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- Incident Response Network Tools☆24Updated 4 years ago
- ☆28Updated 3 months ago
- Defence Against the Dark Arts☆34Updated 6 years ago
- Indices for courses in SANS' Network Security Operations curriculum☆16Updated 9 years ago
- Site for IWS book content☆17Updated 6 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆35Updated 6 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.☆12Updated 5 years ago
- A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my bl…☆55Updated 7 years ago
- An Installation Script for Bro IDS on Debian Based Systems☆20Updated 5 years ago
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Updated 4 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆21Updated 6 years ago
- ☆30Updated 6 years ago
- OSSEM Modular☆27Updated 5 years ago
- Docker Container to deploy Mitre Caldera Automated Adversary Emulation System☆26Updated 5 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- Knowledge base of analytics designed to cover threats based on MITRE's ATT&CK.☆23Updated 6 years ago
- pollen - A command-line tool for interacting with TheHive☆36Updated 6 years ago
- A few quick recipes for those that do not have much time during the day☆22Updated 11 months ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆45Updated 5 years ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Updated last year
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Updated 7 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 4 years ago
- ☆39Updated 5 years ago
- Python parser for Red Canary's Atomic Red Team Yamls☆27Updated 6 years ago