op7ic / amphunt
Cisco AMP threat hunting scripts
☆14, updated 7 months ago
Alternatives and similar repositories for amphunt
Users that are interested in amphunt are comparing it to the libraries listed below
- Triage automation for suspect URLs (☆13, updated 5 years ago)
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs. (☆17, updated 4 years ago)
- Build your own threat hunting maturity model (☆11, updated 7 years ago)
- Some rules, scripts of some use to us (☆9, updated 7 months ago)
- PowerShell Memory Pulling script (☆19, updated 10 years ago)
- Automatic Sender Policy Framework Reconnaissance (☆19, updated 6 years ago)
- Defence Against the Dark Arts (☆34, updated 5 years ago)
- (no description) (☆13, updated 5 years ago)
- A script to assist in processing forensic RAM captures for malware triage (☆27, updated 4 years ago)
- OSSEC Decoder & Rulesets for Sysmon Events (☆15, updated 9 years ago)
- Use DNS to hunt for threats including DGAs (☆15, updated 9 years ago)
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response. (☆38, updated 3 years ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52, updated 4 years ago)
- pollen - A command-line tool for interacting with TheHive (☆35, updated 6 years ago)
- Mass Triage Tools (☆20, updated 4 months ago)
- DeployREMnux is a Python script that will deploy a cloud instance of the public REMnux distribution in the Amazon cloud (AWS). (☆16, updated 5 years ago)
- THOR MITRE ATT&CK Framework Coverage (☆24, updated 5 years ago)
- Indicator of Compromise Scanner for CVE-2019-19781 (☆94, updated 5 years ago)
- Integrating Sysinternals Autoruns' logs into Security Onion (☆31, updated last year)
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. (☆12, updated 4 years ago)
- Site for IWS book content (☆18, updated 6 years ago)
- An extendable tool to extract and aggregate IoCs from threat feeds (☆33, updated last year)
- (no description) (☆16, updated 4 years ago)
- A collection of typical false positive indicators (☆55, updated 4 years ago)
- A collection of searches, interesting events and tables on Crowdstrike Splunk. (☆29, updated 4 years ago)
- Maltego transform for visualizing Nessus scan data (☆47, updated 5 years ago)
- automate your MISP installs (☆68, updated 4 years ago)
- Threat Hunter's Knowledge Base (☆22, updated 3 years ago)
- Quick & Dirty DFIR scripts developed by Ebryx DFIR team to keep handy during field assignment (☆14, updated last week)
- Simple PowerShell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline. (☆33, updated 6 years ago)