op7ic / amphuntLinks
This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for threats, analyze endpoint behavior, and detect potential compromises across the environment using API version 0 and 1.
☆14Updated 3 months ago
Alternatives and similar repositories for amphunt
Users that are interested in amphunt are comparing it to the libraries listed below
Sorting:
- ☆13Updated 5 years ago
- Triage automation for suspect URLs☆13Updated 6 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 6 years ago
- ☆39Updated 5 years ago
- Incident Response Network Tools☆24Updated 4 years ago
- A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the…☆49Updated last month
- THOR MITRE ATT&CK Framework Coverage☆25Updated 5 years ago
- ☆28Updated 3 months ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Updated last year
- A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my bl…☆55Updated 7 years ago
- OSSEC Decoder & Rulesets for Sysmon Events☆15Updated 10 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- Snapshot, patch, health-check, and potentially roll-back Windows VMs☆34Updated 7 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 3 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 4 years ago
- ☆30Updated 6 years ago
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Updated 4 years ago
- automate your MISP installs☆68Updated 5 years ago
- Use DNS to hunt for threats including DGAs☆15Updated 9 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆45Updated 5 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- Defence Against the Dark Arts☆34Updated 6 years ago
- Git for me to put all my forensics stuff☆23Updated last month
- repo for sharing stuff☆17Updated 3 months ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 4 years ago
- Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.☆69Updated last year
- pollen - A command-line tool for interacting with TheHive☆35Updated 6 years ago
- incident response scripts☆19Updated 6 years ago
- Wrap any binary into a cached webserver☆55Updated 3 years ago