opensearch-project / security-analytics
Security Analytics enables users for detecting security threats on their security event log data. It will also allow them to modify/tailor the pre-packaged solution.
☆72Updated this week
Related projects ⓘ
Alternatives and complementary repositories for security-analytics
- OCSF Schema WEB Server☆40Updated last week
- ☆12Updated 6 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆61Updated 6 months ago
- Anvilogic Forge☆86Updated this week
- Automated Forensics Orchestrator for Amazon EC2 is a self-service AWS Solution implementation that enterprise customers can deploy to qui…☆58Updated 2 months ago
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.☆129Updated this week
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …☆116Updated 3 months ago
- ☆67Updated 8 months ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated this week
- ☆16Updated 2 weeks ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )☆148Updated 2 months ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆144Updated this week
- Cisco Orbital - Osquery queries by Talos☆122Updated 2 months ago
- This repo contains example of raw event examples and possible translations to the OCSF schema.☆33Updated this week
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl…☆156Updated 5 months ago
- ☆248Updated last month
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.☆49Updated 2 years ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆82Updated 9 months ago
- Elastic Security Documentation☆67Updated this week
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…☆141Updated 11 months ago
- OCSF Documentation☆119Updated 2 weeks ago
- The Sigma command line interface based on pySigma☆134Updated 3 months ago
- Open source endpoint agent providing host information to Zeek. [v2]☆65Updated 2 weeks ago
- Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue…☆40Updated last month
- SIEM Logstash parsing for more than hundred technologies☆181Updated this week
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash☆54Updated 2 years ago
- Helm charts for running open source digital forensic tools in Kubernetes☆76Updated last week
- A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat …☆175Updated 2 months ago
- Automation tool for Windows Deception Host Burn-In☆76Updated 4 months ago
- ☆31Updated 7 months ago