Alternatives and similar repositories for security-analytics

Users that are interested in security-analytics are comparing it to the libraries listed below

• SumoLogic / cloud-siem-content-catalog
  ☆26Updated 2 weeks ago
• zeek / zeek-agent-v2
  Open source endpoint agent providing host information to Zeek. [v2]
  ☆83Updated last week
• ExabeamLabs / Content-Library-CIM2
  ☆23Updated last month
• ocsf / examples
  This repo contains example of raw event examples and possible translations to the OCSF schema.
  ☆39Updated 2 weeks ago
• prowler-cloud / py-ocsf-models
  OCSF (https://schema.ocsf.io/) models in Python using Pydantic.
  ☆23Updated last week
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆158Updated 2 months ago
• DataDog / workload-security-evaluator
  Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.
  ☆31Updated 8 months ago
• grafana / pySigma-backend-loki
  pySigma backend for generating Grafana Loki/LogQL rules
  ☆45Updated last week
• runreveal / sigmalite
  ☆44Updated 3 months ago
• Cargill / OpenSIEM-Logstash-Parsing
  SIEM Logstash parsing for more than hundred technologies
  ☆185Updated 2 weeks ago
• anvilogic-forge / armory
  Anvilogic Forge
  ☆104Updated 3 weeks ago
• UncoderIO / Uncoder_IO
  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
  ☆155Updated 4 months ago
• infosecB / detection-as-code
  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
  ☆57Updated 3 years ago
• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated this week
• center-for-threat-informed-defense / attack-workbench-rest-api
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆47Updated this week
• invictus-ir / aws-cheatsheet
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆74Updated last year
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆71Updated 2 years ago
• UncoderIO / Roota
  Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …
  ☆128Updated 11 months ago
• google / osdfir-infrastructure
  Helm charts for running open source digital forensic tools in Kubernetes
  ☆101Updated 2 weeks ago
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆163Updated 3 months ago
• ocsf / ocsf-server
  OCSF Schema WEB Server
  ☆53Updated last week
• Shuffle / python-apps
  Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
  ☆113Updated this week
• splunk / contentctl
  Splunk Content Control Tool
  ☆113Updated this week
• SigmaHQ / pySigma
  Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
  ☆468Updated this week
• panther-labs / panther-analysis
  Built-in Panther detection rules and policies
  ☆397Updated this week
• davidljohnson / SigGen
  ☆15Updated last year
• CERN-CERT / pDNSSOC
  Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
  ☆51Updated 5 months ago
• ocsf / ocsf-docs
  OCSF Documentation
  ☆129Updated last week
• wagov / wasocshared
  WA Cyber Security Unit (DGOV Technical) site
  ☆37Updated this week
• sttor / awesome-osquery
  Osquery Resources
  ☆60Updated 5 years ago