petebryan / blue_team_con
☆17Updated 2 years ago
Alternatives and similar repositories for blue_team_con:
Users that are interested in blue_team_con are comparing it to the libraries listed below
- ☆41Updated last year
- Azure function to insert MISP data in to Azure Sentinel☆31Updated 2 years ago
- ☆72Updated 5 months ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆15Updated 2 years ago
- Jupyter notebooks☆23Updated 4 years ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆16Updated 2 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆19Updated last year
- ☆46Updated last week
- Random tips and tricks RE: ransomware☆14Updated 3 years ago
- ☆41Updated 3 years ago
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…☆25Updated 3 years ago
- gundog - guided hunting in Microsoft Defender☆52Updated 3 years ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆39Updated 3 years ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆32Updated last month
- Azure AD Incident Response☆25Updated 3 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Updated last month
- A WDAC configuration repository with the sole intention of enriching MDE☆28Updated 2 years ago
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆16Updated 3 months ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…☆40Updated 4 years ago
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 11 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆36Updated last year
- Ingesting Shodan Monitor Alerts to Microsoft Sentinel☆34Updated last year
- ☆21Updated 2 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆20Updated 3 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆39Updated 5 years ago
- Repository for SPEED SIEM Use Case Framework☆53Updated 4 years ago
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 7 months ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.☆35Updated 4 months ago