Alternatives and similar repositories for security-analytics

Users that are interested in security-analytics are comparing it to the libraries listed below

• ExabeamLabs / Content-Library-CIM2
  ☆21Updated last month
• zeek / zeek-agent-v2
  Open source endpoint agent providing host information to Zeek. [v2]
  ☆80Updated this week
• ocsf / governance
  ☆32Updated 5 months ago
• ocsf / examples
  This repo contains example of raw event examples and possible translations to the OCSF schema.
  ☆38Updated 3 weeks ago
• SumoLogic / cloud-siem-content-catalog
  ☆23Updated last week
• Shuffle / workflows
  Workflows for Shuffle
  ☆22Updated 2 years ago
• UncoderIO / Uncoder_IO
  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
  ☆153Updated 2 months ago
• juaromu / wazuh
  ☆19Updated 3 years ago
• UncoderIO / Roota
  Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …
  ☆127Updated 9 months ago
• FoxIO-LLC / LogSlash
  A standard for reducing log volume without sacrificing analytical capability
  ☆204Updated 2 months ago
• invictus-ir / aws-cheatsheet
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆73Updated last year
• Shuffle / python-apps
  Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
  ☆110Updated last month
• runreveal / sigmalite
  ☆43Updated 2 months ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆153Updated last month
• grafana / pySigma-backend-loki
  pySigma backend for generating Grafana Loki/LogQL rules
  ☆45Updated 2 weeks ago
• google / osdfir-infrastructure
  Helm charts for running open source digital forensic tools in Kubernetes
  ☆94Updated 2 weeks ago
• SigmaHQ / sigma-specification
  Sigma rule specification
  ☆134Updated 2 months ago
• anvilogic-forge / armory
  Anvilogic Forge
  ☆103Updated last week
• SygniaLabs / Mirage
  ☆73Updated last month
• OTRF / OSSEM-CDM
  OSSEM Common Data Model
  ☆55Updated 2 years ago
• ocsf / ocsf-docs
  OCSF Documentation
  ☆129Updated last week
• NUKIB / misp
  Docker image for MISP
  ☆127Updated last month
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆162Updated 2 months ago
• davidljohnson / SigGen
  ☆15Updated last year
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆149Updated 2 months ago
• elastic / ecs-mapper
  Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash
  ☆54Updated 3 years ago
• center-for-threat-informed-defense / attack-workbench-rest-api
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆46Updated 2 weeks ago
• aws-samples / jupyter-notebook-for-incident-response
  A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…
  ☆147Updated last year
• dwillowtree / diana
  Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )
  ☆181Updated 8 months ago
• mitre / saf
  The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools…
  ☆150Updated last week