Alternatives and similar repositories for samples

Users that are interested in samples are comparing it to the libraries listed below

• Hestat / ossec-sysmon
  A Ruleset to enhance detection capabilities of Ossec using Sysmon
  ☆93Updated 3 years ago
• MISP / x_old_misp_docker
  MISP Docker (XME edition)
  ☆282Updated last year
• enotspe / fortinet-2-elasticsearch
  Fortinet products logs to Elasticsearch
  ☆98Updated this week
• idaholab / Malcolm
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆408Updated last week
• atc-project / atc-react
  A knowledge base of actionable Incident Response techniques
  ☆639Updated 3 years ago
• bk-cs / rtr
  Real-time Response scripts and schema
  ☆113Updated last year
• coolacid / docker-misp
  A (nearly) production ready Dockered MISP
  ☆231Updated last year
• center-for-threat-informed-defense / tram
  TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT…
  ☆496Updated last month
• NUKIB / misp
  Docker image for MISP
  ☆127Updated last week
• LogRhythm-Tools / LogRhythm.Tools
  LogRhythm PowerShell Toolkit
  ☆51Updated this week
• 3CORESec / SIEGMA
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆151Updated 2 months ago
• AustralianCyberSecurityCentre / windows_event_logging
  Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technic…
  ☆220Updated 4 months ago
• MSISAC / STIX-TAXII-Integration
  ☆28Updated 5 years ago
• ExabeamLabs / Content-Doc
  ☆126Updated last year
• TheHive-Project / Cortex-Analyzers
  Cortex Analyzers Repository
  ☆460Updated last week
• mitre-attack / mitreattack-python
  A python module for working with ATT&CK
  ☆552Updated last month
• center-for-threat-informed-defense / attack-workbench-frontend
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆358Updated last week
• mdecrevoisier / SIGMA-detection-rules
  Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
  ☆366Updated 4 months ago
• Neo23x0 / sysmon-config
  Sysmon configuration file template with default high-quality event tracing
  ☆487Updated last year
• mitre-attack / bzar
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆593Updated 11 months ago
• CiscoSecurity / amp-01-basics
  Scripts that cover the basics of interacting with the AMP for Endpoints API
  ☆17Updated 6 years ago
• dhoelzer / ShowMeThePackets
  Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…
  ☆229Updated 5 months ago
• mitre-attack / tram
  Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
  ☆352Updated 3 years ago
• JSCU-NL / logging-essentials
  A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
  ☆284Updated 3 years ago
• guardsight / gsvsoc_cirt-playbook-battle-cards
  Cyber Incident Response Team Playbook Battle Cards
  ☆379Updated last year
• sophos / Sophos-Central-SIEM-Integration
  Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair …
  ☆132Updated last year
• splunk / botsv2
  Splunk Boss of the SOC version 2 dataset.
  ☆381Updated 2 years ago
• PaloAltoNetworks / minemeld
  Main MineMeld documentation repo
  ☆379Updated 7 years ago
• mitre-attack / attack-datasources
  This content is analysis and research of the data sources currently listed in ATT&CK.
  ☆410Updated last year
• inodee / threathunting-spl
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆280Updated last year