Alternatives and similar repositories for security-analytics

Users that are interested in security-analytics are comparing it to the libraries listed below

• zeek / zeek-agent-v2
  Open source endpoint agent providing host information to Zeek. [v2]
  ☆90Updated 2 weeks ago
• google / osdfir-infrastructure
  Helm charts for running open source digital forensic tools in Kubernetes
  ☆181Updated this week
• SumoLogic / cloud-siem-content-catalog
  ☆29Updated 2 weeks ago
• ocsf / examples
  This repo contains example of raw event examples and possible translations to the OCSF schema.
  ☆52Updated 6 months ago
• FoxIO-LLC / LogSlash
  A standard for reducing log volume without sacrificing analytical capability
  ☆214Updated 11 months ago
• z1pti3 / jimi
  Jimi is an automation first no-code platform designed and developed originally for Security Orchestration and Response. Since its launch …
  ☆169Updated last year
• Shuffle / python-apps
  Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
  ☆122Updated 3 weeks ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆176Updated last month
• Cisco-Talos / osquery_queries
  Cisco Orbital - Osquery queries by Talos
  ☆136Updated last year
• runreveal / sigmalite
  ☆51Updated last month
• ocsf / ocsf-docs
  OCSF Documentation
  ☆152Updated last week
• dandye / adk_runbooks
  ☆60Updated this week
• prowler-cloud / py-ocsf-models
  OCSF (https://schema.ocsf.io/) models in Python using Pydantic.
  ☆33Updated last week
• opencybersecurityalliance / kestrel-lang
  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
  ☆324Updated last year
• The-Shadowserver-Foundation / api_utils
  Sample programs to access the API
  ☆103Updated 2 months ago
• corelight / ecs-mapping
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Updated 3 months ago
• infosecB / detection-as-code
  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
  ☆60Updated 3 years ago
• COSSAS / SOARCA
  SOARCA - The Open Source CACAO-based Security Orchestrator!
  ☆100Updated last week
• center-for-threat-informed-defense / mappings-explorer
  Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogue…
  ☆88Updated last week
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆159Updated 10 months ago
• wazuh / wazuh-agent
  The Wazuh agent for endpoints.
  ☆94Updated 7 months ago
• d3fend / d3fend
  Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
  ☆90Updated last month
• center-for-threat-informed-defense / insider-threat-ttp-kb
  The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…
  ☆147Updated 6 months ago
• Security-Onion-Solutions / securityonion-image
  ☆53Updated this week
• UncoderIO / Roota
  Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with …
  ☆132Updated last year
• opencybersecurityalliance / kestrel-huntbook
  This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)
  ☆36Updated 2 years ago
• opencybersecurityalliance / documentation
  OCA-wide documentation shared by all sub-projects and repositories
  ☆33Updated last year
• OTRF / OSSEM-CDM
  OSSEM Common Data Model
  ☆56Updated 3 years ago
• UncoderIO / Uncoder_IO
  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
  ☆172Updated 2 months ago
• mitre / saf
  The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools…
  ☆171Updated this week