sandialabs / gait
Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies
☆27Updated 11 months ago
Alternatives and similar repositories for gait:
Users that are interested in gait are comparing it to the libraries listed below
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆39Updated last year
- ☆34Updated 4 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆34Updated 2 years ago
- Automated detection rule analysis utility☆29Updated 2 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- Automatic detection engineering technical state compliance☆54Updated 8 months ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise.☆40Updated 2 years ago
- Zeek package to generate a SMB client fingerprint☆27Updated 4 years ago
- pocket guide for core threat hunting concepts☆23Updated 4 years ago
- A Splunk Technology Add-on to forward filtered ETW events.☆30Updated 4 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- ☆12Updated 3 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 5 years ago
- YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack☆16Updated 4 years ago
- ☆41Updated 11 months ago
- My conference presentations☆66Updated last year
- CyCAT.org API back-end server including crawlers☆30Updated 2 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆26Updated 3 months ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆52Updated 2 years ago
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 3 years ago
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own.☆38Updated 2 years ago
- A MITRE Caldera plugin☆41Updated 3 months ago
- ☆12Updated 5 years ago
- ☆33Updated 4 months ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆68Updated last month
- Import specific data sources into the Sigma generic and open signature format.☆77Updated 2 years ago
- OSSEM Modular☆27Updated 4 years ago
- Old home of LimaCharlie, open source EDR☆30Updated last year
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago