sandialabs / gait
Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies
☆25Updated 8 months ago
Related projects ⓘ
Alternatives and complementary repositories for gait
- ☆34Updated 3 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆37Updated last year
- pocket guide for core threat hunting concepts☆23Updated 4 years ago
- Zeek package to generate a SMB client fingerprint☆26Updated 4 years ago
- CSIRT Jump Bag☆27Updated 6 months ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆23Updated 4 months ago
- ☆46Updated 2 years ago
- CyCAT.org API back-end server including crawlers☆30Updated last year
- Automatic detection engineering technical state compliance☆50Updated 4 months ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- Expert Investigation Guides☆50Updated 3 years ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise.☆38Updated 2 years ago
- Automated detection rule analysis utility☆29Updated 2 years ago
- ☆12Updated 5 years ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆37Updated 2 years ago
- ☆43Updated last month
- A collection of typical false positive indicators☆54Updated 3 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- Kerberos Haters Guide to Zeek Threat Hunting☆25Updated 3 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- incident response scripts☆18Updated 5 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆52Updated 2 years ago
- A website and framework for testing NIDS detection☆56Updated 3 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.☆19Updated 2 years ago
- The project was moved here https://github.com/atomic-threat-coverage/atomic-threat-coverage☆23Updated 5 years ago
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago
- Attack Tool Timing and Reporting - Structured Attack Logging Format☆21Updated 2 years ago
- Scripts for accessing and transforming cyber threat intelligence☆25Updated 8 years ago