Alternatives and similar repositories for security-analytics

Users that are interested in security-analytics are comparing it to the libraries listed below

• ExabeamLabs / Content-Library-CIM2
  ☆24Updated this week
• google / osdfir-infrastructure
  Helm charts for running open source digital forensic tools in Kubernetes
  ☆103Updated this week
• SumoLogic / cloud-siem-content-catalog
  ☆26Updated last week
• FoxIO-LLC / LogSlash
  A standard for reducing log volume without sacrificing analytical capability
  ☆206Updated 4 months ago
• zeek / zeek-agent-v2
  Open source endpoint agent providing host information to Zeek. [v2]
  ☆83Updated last week
• ocsf / examples
  This repo contains example of raw event examples and possible translations to the OCSF schema.
  ☆40Updated last month
• Cargill / OpenSIEM-Logstash-Parsing
  SIEM Logstash parsing for more than hundred technologies
  ☆185Updated this week
• Cisco-Talos / osquery_queries
  Cisco Orbital - Osquery queries by Talos
  ☆134Updated 10 months ago
• runreveal / sigmalite
  ☆44Updated 4 months ago
• mitre / saf
  The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools…
  ☆156Updated this week
• SygniaLabs / Mirage
  ☆73Updated 3 months ago
• ocsf / ocsf-docs
  OCSF Documentation
  ☆132Updated 3 weeks ago
• panther-labs / panther-analysis
  Built-in Panther detection rules and policies
  ☆402Updated last week
• z1pti3 / jimi
  Jimi is an automation first no-code platform designed and developed originally for Security Orchestration and Response. Since its launch …
  ☆165Updated last year
• center-for-threat-informed-defense / attack-workbench-rest-api
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆48Updated this week
• center-for-threat-informed-defense / mappings-explorer
  Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue…
  ☆67Updated this week
• SAP / cloud-active-defense
  Add a layer of active defense to your cloud applications.
  ☆93Updated last week
• elastic / elastic-agent
  Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.
  ☆186Updated this week
• sttor / awesome-osquery
  Osquery Resources
  ☆61Updated 5 years ago
• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated 3 weeks ago
• COSSAS / SOARCA
  SOARCA - The Open Source CACAO-based Security Orchestrator!
  ☆76Updated 2 weeks ago
• chronicle / ingestion-scripts
  ☆33Updated last month
• Shuffle / python-apps
  Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
  ☆114Updated last week
• aws-samples / jupyter-notebook-for-incident-response
  A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide…
  ☆147Updated last year
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆164Updated 4 months ago
• wazuh / wazuh-api
  Wazuh - RESTful API
  ☆74Updated 10 months ago
• UncoderIO / Uncoder_IO
  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
  ☆155Updated 4 months ago
• OTRF / OSSEM-CDM
  OSSEM Common Data Model
  ☆56Updated 2 years ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆157Updated 3 months ago
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆71Updated 2 years ago