quadrantsec / sagan-rules
☆25Updated last week
Related projects: ⓘ
- Threat Detection & Anomaly Detection rules for popular open-source components☆49Updated 2 years ago
- Import specific data sources into the Sigma generic and open signature format.☆77Updated 2 years ago
- Workflows for Shuffle☆20Updated last year
- MITRE Engage™ is a framework for conducting Denial, Deception, and Adversary Engagements.☆59Updated 5 months ago
- Technical add-on for Splunk related to TheHive/Cortex from TheHive project☆47Updated 2 months ago
- ☆34Updated 3 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆32Updated 2 years ago
- A Linux Auditd rule set mapped to MITRE's Attack Framework☆87Updated 11 months ago
- A Sigma to Wazuh / OSSEC converter including a generated Windows Sysmon ruleset☆33Updated 4 years ago
- ☆43Updated 2 years ago
- Zeek package for tracking long connections to report them before they have completed.☆28Updated 2 years ago
- Automated detection rule analysis utility☆29Updated last year
- Repository for SPEED SIEM Use Case Framework☆52Updated 4 years ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆55Updated 4 months ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆83Updated last year
- Sigma Detection Rule Repository☆84Updated 4 years ago
- Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE…☆33Updated 5 months ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository.☆106Updated 4 years ago
- Convert Sigma rules to Wazuh rules☆55Updated 5 months ago
- RPM packages for MISP☆32Updated 2 weeks ago
- A website and framework for testing NIDS detection☆56Updated 3 years ago
- The aim of this repository is to provide a list of examples of tools, sources and measures available to incident response teams☆58Updated 4 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆51Updated 3 years ago
- Run Velociraptor on Security Onion☆34Updated 2 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Updated 4 years ago
- Recon Hunt Queries☆76Updated 3 years ago
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- A collection of tips for using MISP.☆74Updated 5 months ago
- A community event for security researchers to share their favorite notebooks☆105Updated 7 months ago
- Sysmon and wazuh integration with Sigma sysmon rules [updated]☆60Updated 3 years ago