siriussecurity / tanium-attack-mapping
Creates an ATT&CK Navigator layer from the detection coverage of the signals available in Tanium Threat Response.
☆11 · Updated 3 years ago
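The description above is the whole mechanism of the project: take a list of detection signals, map each to the ATT&CK technique IDs it can observe, and emit an ATT&CK Navigator layer whose scores reflect how many signals cover each technique. The script below is an added example written for this page, not the tanium-attack-mapping repository's own code. It assumes the signal-to-technique mapping is supplied by the user; the signal names in `SIGNALS` are constructed placeholders, not real Tanium Threat Response signal names, and the `versions` block holds placeholder ATT&CK/Navigator version strings that you would set to match your Navigator instance.

```python
"""Build an ATT&CK Navigator layer from a signal -> technique mapping.

Added example for this page, not code from the tanium-attack-mapping
project. Signal names are constructed placeholders; version strings in
the layer are assumptions to adjust for your Navigator deployment.
"""
import json
import re
from collections import defaultdict

# Constructed sample input: detection signal name -> technique IDs it covers.
SIGNALS = {
    "Suspicious PowerShell Encoded Command": ["T1059.001", "T1027"],
    "LSASS Memory Access": ["T1003.001"],
    "Scheduled Task Creation": ["T1053.005"],
    "Registry Run Key Modification": ["T1547.001"],
    "PowerShell Download Cradle": ["T1059.001", "T1105"],
}

# Enterprise ATT&CK IDs look like T1059 or T1059.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


def coverage_counts(signals, roll_up=True):
    """Return {technique_id: [signal names]} for every technique referenced.

    With roll_up=True a sub-technique (T1059.001) also credits its parent
    (T1059), so the parent cell is coloured in the matrix even when only
    sub-techniques are covered. Malformed IDs raise ValueError instead of
    silently producing an incomplete layer.
    """
    counts = defaultdict(list)
    for name, tids in signals.items():
        for tid in tids:
            if not TECHNIQUE_ID.match(tid):
                raise ValueError(f"{name!r}: bad technique ID {tid!r}")
            counts[tid].append(name)
            if roll_up and "." in tid:
                parent = tid.split(".")[0]
                if name not in counts[parent]:
                    counts[parent].append(name)
    return dict(counts)


def build_layer(signals, name="Tanium Threat Response coverage", roll_up=True):
    """Return a dict in ATT&CK Navigator layer format (score = signal count)."""
    counts = coverage_counts(signals, roll_up)
    max_score = max(len(v) for v in counts.values()) if counts else 1
    techniques = [
        {
            "techniqueID": tid,
            "score": len(names),
            "comment": "Signals: " + "; ".join(sorted(names)),
            "enabled": True,
            "showSubtechniques": "." not in tid,
        }
        for tid, names in sorted(counts.items())
    ]
    return {
        "name": name,
        # Assumed version strings; set these to match your Navigator instance.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": f"{len(signals)} signals mapped to {len(counts)} techniques",
        "techniques": techniques,
        "gradient": {
            "colors": ["#ffffff", "#66b1ff", "#0a3d91"],
            "minValue": 0,
            "maxValue": max_score,
        },
        "legendItems": [
            {"label": "number of signals covering the technique", "color": "#66b1ff"}
        ],
        "showTacticRowBackground": False,
        "selectTechniquesAcrossTactics": True,
        "selectSubtechniquesWithParent": False,
    }


if __name__ == "__main__":
    # Print the layer JSON; redirect to a file and open it in Navigator.
    print(json.dumps(build_layer(SIGNALS), indent=2))
```

Scoring by signal count rather than a binary covered/not-covered flag lets the gradient show where coverage is thin (one signal) versus redundant (several), which is the more useful question when deciding what to tune next. Roll-up to the parent technique is on by default because Navigator only colours parent cells from their own entries; turn it off with `roll_up=False` if you want the matrix to show sub-technique coverage strictly.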
Alternatives and similar repositories for tanium-attack-mapping:
Users interested in tanium-attack-mapping are comparing it to the repositories listed below.
- MasterParser is a simple, all-in-one, digital forensics artifact parser ☆22 · Updated 3 years ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. ☆38 · Updated last year
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Updated 2 months ago
- Library of threat hunts to get any user started! ☆44 · Updated 4 years ago
- Incident Response Report Using GitHub-Sphinx ☆20 · Updated 5 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base ☆23 · Updated 2 years ago
- Open-source Fabric templates for cybersecurity and compliance ☆17 · Updated 3 months ago
- A collection of tips for using MISP. ☆74 · Updated 4 months ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆32 · Updated 3 months ago
- PowerShell scripts to work on CrowdStrike Falcon that pull back raw data relevant to forensic investigation ☆22 · Updated 4 months ago
- Workflows for Shuffle ☆21 · Updated 2 years ago
- Azure function to insert MISP data into Azure Sentinel ☆32 · Updated 2 years ago
- pySigma Splunk backend ☆38 · Updated 2 months ago
- SIEM Use Case Selection Methodology ☆16 · Updated 4 years ago
- Python library for threat intelligence ☆86 · Updated 3 months ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab. ☆20 · Updated 4 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… ☆19 · Updated last year
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… ☆41 · Updated 4 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ☆67 · Updated last year
- A lab environment for learning about MSTICPy ☆36 · Updated 2 years ago
- A tool that allows you to document and assess any security automation in your SOC ☆46 · Updated 5 months ago
- This script provides a Python library with methods to authenticate to various sources of threat intelligence and query IPs for the latest… ☆18 · Updated 2 months ago
- The Intelligent Process Lifecycle of Active Cyber Defenders ☆31 · Updated 2 years ago
- SigmaHQ pySigma CrowdStrike processing pipeline ☆24 · Updated 6 months ago
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents ☆40 · Updated last year
- DNS Dashboard for hunting and identifying beaconing ☆15 · Updated 4 years ago
- A collection of searches, interesting events and tables on CrowdStrike Splunk. ☆29 · Updated 4 years ago
- A pySigma wrapper to manage detection rules. ☆37 · Updated last week