sophos / solarwinds-threathunt
Threathunt details for the Solarwinds compromise
☆33Updated 3 years ago
Related projects: ⓘ
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆51Updated 2 years ago
- Expert Investigation Guides☆50Updated 3 years ago
- ☆51Updated 3 years ago
- Collection of walkthroughs on various threat hunting techniques☆73Updated 4 years ago
- A Splunk app with saved reports derived from Sigma rules☆72Updated 6 years ago
- automate your MISP installs☆66Updated 4 years ago
- Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".☆14Updated 3 years ago
- ☆76Updated 5 years ago
- ☆40Updated 3 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆31Updated 4 years ago
- Collection of resources related to the Center for Threat-Informed Defense☆77Updated 3 months ago
- My conference presentations☆66Updated 11 months ago
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.☆82Updated last year
- Collection of useful, up to date, Carbon Black Response Queries☆82Updated 3 years ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago
- Defensive Origins Training Schedule☆35Updated 9 months ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 2 years ago
- Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation☆21Updated last month
- Sharing Threat Hunting runbooks☆24Updated 5 years ago
- Recon Hunt Queries☆76Updated 3 years ago
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.☆44Updated 4 years ago
- A community event for security researchers to share their favorite notebooks☆105Updated 7 months ago
- Mapping your datasources and detections to the MITRE ATT&CK Navigator framework.☆57Updated 4 years ago
- Dashboards for conducting forensic investigation using windows events in Kibana☆17Updated 5 years ago
- ☆34Updated 3 years ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆41Updated last year
- Repo of python/bash scripts for identifying IoC's in threat feed and other online tools☆26Updated 4 years ago
- List of PowerShell commands and commandlets that should be in your Powershel watchlist☆37Updated 3 years ago
- Volatility plugins developed and maintained by the community☆21Updated 6 years ago
- My Jupyter Notebooks☆36Updated 5 months ago