panther-labs / panther-analysis
Built-in Panther detection rules and policies
☆349Updated this week
Alternatives and similar repositories for panther-analysis:
Users that are interested in panther-analysis are comparing it to the libraries listed below
- 🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is k…☆378Updated 9 months ago
- ☆378Updated last year
- Dorothy is a tool to test security monitoring and detection for Okta environments☆178Updated 5 months ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …☆264Updated 11 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆323Updated last year
- ☆368Updated 10 months ago
- Documenting your Threat Models with HCL☆412Updated 4 months ago
- Collection of YARA-L 2.0 sample rules for the Chronicle Detection API☆336Updated last week
- 🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept…☆487Updated 9 months ago
- Command line tool for working with Panther rules and policies☆38Updated this week
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆137Updated 3 years ago
- Open Cloud Security Posture Management Engine☆336Updated 2 years ago
- A knowledge base of actionable Incident Response techniques☆626Updated 2 years ago
- Graph-based security analysis for everyone☆339Updated last year
- The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…☆142Updated 4 months ago
- NIST CyberSecurity Framework management tool☆159Updated 3 years ago
- Python installable command line utility for mitigation of host and key compromises.☆344Updated 3 years ago
- Python library to carry out DFIR analysis on the Cloud☆468Updated last month
- This content is analysis and research of the data sources currently listed in ATT&CK.☆407Updated last year
- Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.☆334Updated this week
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl…☆161Updated 8 months ago
- ☆91Updated 2 years ago
- A python module to allow for easy integration with the Lacework APIs.☆19Updated 6 months ago
- A collection of projects supporting AWS Integration☆151Updated 2 months ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…☆121Updated last month
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )☆167Updated 4 months ago
- The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools…☆139Updated this week
- Cloud Commotion intends to cause chaos to simulate security incidents☆141Updated 7 months ago
- Maturity models help integrate traditionally separate organizational functions, set process improvement goals and priorities, provide gui…☆221Updated 2 years ago
- OCSF Schema☆642Updated this week