This repository is created to add value to existing Network Security Monitoring solutions.
☆42Sep 20, 2016Updated 9 years ago
Alternatives and similar repositories for NSM
Users that are interested in NSM are comparing it to the libraries listed below
Sorting:
- Indices for courses in SANS' Network Security Operations curriculum☆17Feb 5, 2016Updated 10 years ago
- ☆12Jan 5, 2021Updated 5 years ago
- ☆56Jun 12, 2021Updated 4 years ago
- A collaborative CISSP notes card☆39Dec 20, 2015Updated 10 years ago
- ☆30Nov 15, 2018Updated 7 years ago
- This repository is created to add value to existing Network Security Monitoring solutions.☆17Sep 30, 2016Updated 9 years ago
- ☆77Jun 25, 2019Updated 6 years ago
- Mark Baggett's (@MarkBaggett - GSE #15, SANS SEC573 Author) tool for detecting randomness using NLP techniques rather than pure entropy c…☆131Oct 24, 2022Updated 3 years ago
- OSSEC Decoder & Rulesets for Sysmon Events☆15Jul 23, 2015Updated 10 years ago
- Contacts Synchronization Private Directory Public Directory City Search Profession Search☆11Oct 21, 2017Updated 8 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- Term concordances for each course in the SANS DFIR curriculum. Used for automated index generation.☆69Aug 7, 2020Updated 5 years ago
- ☆14Feb 8, 2020Updated 6 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- ☆11Oct 21, 2020Updated 5 years ago
- This is a repository for freq.py and freq_server.py☆216Feb 1, 2026Updated last month
- ☆226Nov 9, 2023Updated 2 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆28Aug 6, 2025Updated 7 months ago
- Learn about a network from a pcap file or reading from an interface☆29Apr 6, 2024Updated last year
- ☆11Mar 12, 2021Updated 4 years ago
- MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indi…☆15Dec 24, 2023Updated 2 years ago
- Extensions for Zeek's Intelligence Framework.☆11Mar 1, 2022Updated 4 years ago
- A Powershell script for frequency analysis of separated values data files.☆17Jan 22, 2014Updated 12 years ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Feb 20, 2024Updated 2 years ago
- ☆18Dec 6, 2022Updated 3 years ago
- Alienvault OTX Bro IDS Connector☆78Sep 7, 2015Updated 10 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- SANS Blue Team Pages☆13Apr 8, 2017Updated 8 years ago
- Use DNS to hunt for threats including DGAs☆15Jan 4, 2016Updated 10 years ago
- This project is no longer maintained. There's a successor at https://github.com/zeek-packages/zeek-agent-v2☆14Oct 12, 2020Updated 5 years ago
- This is a framework written in EnScript to utilize the network capabilities of EnCase. The purpose is to allow for someone to build a qui…☆13Apr 22, 2015Updated 10 years ago
- viewssld is a free, open source, non-terminating SSLv2/SSLv3/TLS traffic decryption daemon for Snort, and other Network Intrusion Detecti…☆74Aug 13, 2017Updated 8 years ago
- Powershell Scripts to automatically deploy an image of a prebuilt VM (up-to-date and with pre-deployed tools and apps) to every region yo…☆20Jun 27, 2023Updated 2 years ago
- Personal repository with handy cheatsheets.☆16Oct 23, 2016Updated 9 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files☆21Aug 3, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year