socprime/soc_workflow_app_ce

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/socprime/soc_workflow_app_ce)

socprime / soc_workflow_app_ce

SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack, and view Saved Searches configured by teammates.

☆94

Alternatives and similar repositories for soc_workflow_app_ce

Users that are interested in soc_workflow_app_ce are comparing it to the libraries listed below

Sorting:

lprat / logstash-plugins
View on GitHub
My logstash plugins. Filter: sig (for security detect -> IOC, sig, New value, Reference, link, frequence, ...). Output: alert created by …
☆10Jul 26, 2019Updated 6 years ago
jordisk / TheHive2Sigma
View on GitHub
Python script to automatically create sigma rules from The hive observables
☆25Mar 17, 2019Updated 6 years ago
3CORESec / SIEGMA
View on GitHub
SIEGMA - Transform Sigma rules into SIEM consumables
☆159Mar 10, 2025Updated 11 months ago
neu5ron / es_stk
View on GitHub
☆13Apr 8, 2022Updated 3 years ago
COSSAS / sacti
View on GitHub
SACTI - Securely aggregate CTI sightings and report them on MISP
☆14Oct 24, 2022Updated 3 years ago
capesstack / capes-docker
View on GitHub
Cyber Analytics Platform and Examination System (CAPES) Project Page
☆14Feb 1, 2022Updated 4 years ago
tylabs / dovehawk
View on GitHub
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
☆122Jul 12, 2021Updated 4 years ago
3CORESec / S2AN
View on GitHub
S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
☆91Dec 8, 2022Updated 3 years ago
atc-project / atomic-threat-coverage
View on GitHub
Actionable analytics designed to combat threats
☆1,005May 25, 2022Updated 3 years ago
swimlane / soc-faker
View on GitHub
A python package for use in generating fake data for SOC and security automation.
☆175Mar 7, 2025Updated 11 months ago
austinsonger / Elastic-Security
View on GitHub
Repo for Automations and other solutions for Elastic SIEM/Security.
☆18Jun 15, 2021Updated 4 years ago
capesstack / capes
View on GitHub
Cyber Analytics Platform and Examination System (CAPES) Project Page
☆60Aug 3, 2019Updated 6 years ago
neu5ron / WinLogsZero2Hero
View on GitHub
This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.
☆22Jan 30, 2018Updated 8 years ago
randomuserid / Adama
View on GitHub
Searches For Threat Hunting and Security Analytics
☆238Mar 26, 2025Updated 11 months ago
SecurityRiskAdvisors / TALR
View on GitHub
Threat Alert Logic Repository
☆93Feb 7, 2019Updated 7 years ago
corelight / json-streaming-logs
View on GitHub
Zeek package to create JSON formatted logs to stream into data analysis systems.
☆30Dec 3, 2025Updated 3 months ago
MalwareArchaeology / ARTHIR
View on GitHub
ATT&CK Remote Threat Hunting Incident Response
☆206Dec 8, 2024Updated last year
0xThiebaut / sigmai
View on GitHub
Import specific data sources into the Sigma generic and open signature format.
☆79May 6, 2022Updated 3 years ago
opendxl / opendxl-console
View on GitHub
OpenDXL Console is a high-level web-based console for interacting with a DXL fabric
☆11Mar 29, 2021Updated 4 years ago
thomaspatzke / sigma-workshop
View on GitHub
Elasticsearch/Kibana environment and log data for Sigma workshop
☆26Dec 20, 2019Updated 6 years ago
MISP / docker-misp
View on GitHub
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
☆104Dec 29, 2023Updated 2 years ago
swiftbird07 / IRIS-SOAR
View on GitHub
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS …
☆14Mar 27, 2024Updated last year
binorassocies / brostash
View on GitHub
brostash: Linux distribution based on Debian and focusing on network security events collection
☆33Aug 30, 2020Updated 5 years ago
DearBytes / Opensource-Endpoint-Monitoring
View on GitHub
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
☆35Jul 8, 2019Updated 6 years ago
PolitoInc / ELK-Hunting
View on GitHub
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
☆65Oct 31, 2017Updated 8 years ago
MISP / misp-cloud
View on GitHub
misp-cloud - Cloud-ready images of MISP
☆74Aug 24, 2022Updated 3 years ago
Foundstone / InvestigationPlaybookSpec
View on GitHub
InvestigationPlaybookSpec
☆71Sep 26, 2017Updated 8 years ago
mitre-attack / bzar
View on GitHub
A set of Zeek scripts to detect ATT&CK techniques.
☆620Jun 26, 2024Updated last year
DynamiteAI / dynamite-nsm
View on GitHub
DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…
☆172May 23, 2023Updated 2 years ago
sofwerx / pcas
View on GitHub
☆12Apr 26, 2018Updated 7 years ago
Patrowl / PatrowlEngines
View on GitHub
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
☆245Feb 11, 2026Updated 2 weeks ago
OTRF / Security-Datasets
View on GitHub
Re-play Security Events
☆1,723Mar 20, 2024Updated last year
defenxor / dsiem
View on GitHub
Security event correlation engine for ELK stack
☆448Jun 26, 2024Updated last year
TheHive-Project / Hippocampe
View on GitHub
Threat Feed Aggregation, Made Easy
☆169Jul 13, 2020Updated 5 years ago
Neo23x0 / evt2sigma
View on GitHub
Log Entry to Sigma Rule Converter
☆107Mar 3, 2022Updated 3 years ago
dgunter / ParseZeekLogs
View on GitHub
Utility for parsing Bro log files into CSV or JSON format
☆41Jan 12, 2023Updated 3 years ago
crits / crits_services
View on GitHub
CRITs Services Collection
☆184Apr 30, 2021Updated 4 years ago
caschnee / misp-use-cases
View on GitHub
☆14May 30, 2018Updated 7 years ago
MSSAPSCA1 / Azure_Sentinel
View on GitHub
Bulk turn on Analytic rules in Azure Sentinel
☆19Oct 7, 2021Updated 4 years ago