opensearch-project / security-analytics

Related projects ⓘ

Alternatives and complementary repositories for security-analytics

• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated 2 weeks ago
• anvilogic-forge / armory
  Anvilogic Forge
  ☆86Updated last week
• center-for-threat-informed-defense / mappings-explorer
  Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue…
  ☆43Updated last month
• Cisco-Talos / osquery_queries
  Cisco Orbital - Osquery queries by Talos
  ☆123Updated 2 months ago
• invictus-ir / aws-cheatsheet
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆62Updated 6 months ago
• ocsf / ocsf-server
  OCSF Schema WEB Server
  ☆42Updated this week
• center-for-threat-informed-defense / attack-workbench-rest-api
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆42Updated 2 weeks ago
• ocsf / examples
  This repo contains example of raw event examples and possible translations to the OCSF schema.
  ☆33Updated 2 weeks ago
• davidljohnson / SigGen
  ☆12Updated 6 months ago
• aws-solutions / automated-forensic-orchestrator-for-amazon-ec2
  Automated Forensics Orchestrator for Amazon EC2 is a self-service AWS Solution implementation that enterprise customers can deploy to qui…
  ☆58Updated 2 months ago
• dwillowtree / diana
  Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )
  ☆157Updated 2 months ago
• ocsf / governance
  ☆31Updated this week
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆136Updated 3 months ago
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆141Updated last year
• NUKIB / misp
  Docker image for MISP
  ☆115Updated this week
• opencybersecurityalliance / documentation
  OCA-wide documentation shared by all sub-projects and repositories
  ☆33Updated 3 weeks ago
• panther-labs / tutorials
  Cloud security tutorials and best practices
  ☆38Updated last year
• The-Shadowserver-Foundation / api_utils
  Sample programs to access the API
  ☆61Updated 2 weeks ago
• elastic / ecs-mapper
  Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
  ☆54Updated 2 years ago
• aws-samples / amazon-security-lake-ocsf-validation
  ☆31Updated 4 months ago
• UncoderIO / Roota
  Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …
  ☆116Updated 4 months ago
• jonrau1 / SyntheticSun
  SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, man…
  ☆76Updated 3 years ago
• elastic / security-action-examples
  This repository contains a few examples of actions that can be added to rules within Elastic Security.
  ☆22Updated 2 years ago
• prowler-cloud / py-ocsf-models
  OCSF (https://schema.ocsf.io/) models in Python using Pydantic.
  ☆15Updated this week
• HKcyberstark / wazuh-ecs
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆27Updated 4 years ago
• Shuffle / openapi-apps
  Swagger/ OpenAPI specifications for security products and services
  ☆73Updated last month
• ExabeamLabs / Content-Library-CIM2
  ☆16Updated 3 weeks ago
• CISecurity / ControlsAssessmentSpecification
  Controls Assessment Specification
  ☆65Updated 5 months ago
• elastic / dorothy
  Dorothy is a tool to test security monitoring and detection for Okta environments
  ☆175Updated 3 months ago
• Security-Onion-Solutions / securityonion-image
  ☆48Updated this week