opensearch-project / security-analytics
Security Analytics enables users to detect security threats in their security event log data. It also allows them to modify or tailor the pre-packaged detection content to their environment.
☆77 · updated this week
Alternatives and similar repositories for security-analytics:
Users interested in security-analytics are comparing it to the repositories listed below.
- This repo contains example of raw event examples and possible translations to the OCSF schema. ☆36 · updated 3 weeks ago
- The Sigma command line interface based on pySigma ☆144 · updated last month
- Automated Forensics Orchestrator for Amazon EC2 is a self-service AWS Solution implementation that enterprise customers can deploy to qui… ☆59 · updated 2 months ago
- Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue… ☆53 · updated last week
- This repository contains a few examples of actions that can be added to rules within Elastic Security. ☆22 · updated 2 weeks ago
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … ☆121 · updated 7 months ago
- ☆20 · updated this week
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆51 · updated 2 years ago
- Anvilogic Forge ☆93 · updated this week
- OCSF Documentation ☆123 · updated this week
- ☆88 · updated last year
- Translate an ECS mapping CSV to starter pipelines for Beats, Elasticsearch or Logstash ☆54 · updated 2 years ago
- SIEM Logstash parsing for more than a hundred technologies ☆183 · updated this week
- OCSF Schema WEB Server ☆45 · updated this week
- ☆14 · updated 7 months ago
- ☆48 · updated this week
- ☆32 · updated 3 months ago
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl… ☆161 · updated 9 months ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆156 · updated this week
- Docker image for MISP ☆122 · updated last month
- SIEGMA - Transform Sigma rules into SIEM consumables ☆146 · updated last year
- pySigma backend for generating Grafana Loki/LogQL rules ☆38 · updated last week
- ☆18 · updated 3 years ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆168 · updated 5 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆67 · updated 9 months ago
- ☆255 · updated 2 months ago
- Open source endpoint agent providing host information to Zeek. [v2] ☆75 · updated 4 months ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields ☆34 · updated 2 weeks ago
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆143 · updated last year
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. ☆140 · updated this week