op7ic / amphuntLinks
This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for threats, analyze endpoint behavior, and detect potential compromises across the environment using API version 0 and 1.
☆14Updated last month
Alternatives and similar repositories for amphunt
Users that are interested in amphunt are comparing it to the libraries listed below
Sorting:
- THOR MITRE ATT&CK Framework Coverage☆24Updated 5 years ago
- ☆13Updated 5 years ago
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Updated 4 years ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Updated last year
- Indices for courses in SANS' Network Security Operations curriculum☆16Updated 9 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 6 years ago
- Incident Response Network Tools☆24Updated 4 years ago
- Snapshot, patch, health-check, and potentially roll-back Windows VMs☆34Updated 7 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- Triage automation for suspect URLs☆13Updated 6 years ago
- Automatic Sender Policy Framework Reconnaissance☆19Updated 7 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- ☆30Updated 6 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- Defence Against the Dark Arts☆34Updated 5 years ago
- A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the…☆48Updated last year
- automate your MISP installs☆68Updated 5 years ago
- ☆17Updated 4 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆44Updated 4 years ago
- pollen - A command-line tool for interacting with TheHive☆35Updated 6 years ago
- ☆39Updated 5 years ago
- ☆77Updated 6 years ago
- A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my bl…☆55Updated 7 years ago
- Wrap any binary into a cached webserver☆53Updated 3 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- Python parser for Red Canary's Atomic Red Team Yamls☆27Updated 6 years ago
- ☆32Updated 8 months ago
- OSSEC Decoder & Rulesets for Sysmon Events☆15Updated 10 years ago
- An Installation Script for Bro IDS on Debian Based Systems☆20Updated 5 years ago
- Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.☆69Updated last year