splunk / security_content_docs

Related projects ⓘ

Alternatives and complementary repositories for security_content_docs

• signorrayan / SplunkThreatHunting
  This repository contains Splunk queries to hunt some anomalies
  ☆38Updated 2 years ago
• acquiredsecurity / Sentinel-One-STAR-Rules-Threat-Hunts
  SentinelOne STAR Rules
  ☆50Updated last year
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆70Updated last month
• LogRhythm-Labs / Sigma
  Convert Sigma rules to LogRhythm searches
  ☆19Updated 2 years ago
• The-DFIR-Report / cyberchef-recipes
  ☆18Updated 2 years ago
• Loginsoft-LLC / threat-detection-rules
  Threat Detection & Anomaly Detection rules for popular open-source components
  ☆50Updated 2 years ago
• west-wind / Threat-Hunting-With-Splunk
  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
  ☆57Updated 6 months ago
• invictus-ir / o365_dataset
  A dataset containing Office 365 Unified Audit Logs for security research and detection
  ☆48Updated 2 years ago
• cylaris / awesomekql
  Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
  ☆51Updated last year
• HASecuritySolutions / LogCampaign
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆52Updated 2 years ago
• k-bailey / detection-engineering-maturity-matrix
  ☆87Updated 2 years ago
• TazWake / Public
  Collection of scripts provided for public use
  ☆31Updated last week
• MHaggis / notes
  Full of public notes and Utilities
  ☆87Updated last week
• gertjanbruggink / metrics
  This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.
  ☆97Updated this week
• ReconInfoSec / rhq
  Recon Hunt Queries
  ☆75Updated 3 years ago
• RoqueNight / DefenderATP-Proactive-Threat-Hunting-Queries-KQL
  List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…
  ☆23Updated 3 years ago
• joshlemon / DFIR-Reference-Frameworks
  Repository of public reference frameworks for the DFIR community.
  ☆109Updated last year
• mdecrevoisier / Splunk-input-windows-baseline
  Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…
  ☆81Updated last month
• correlatedsecurity / SPEED-SIEM-Use-Case-Framework
  Repository for SPEED SIEM Use Case Framework
  ☆52Updated 4 years ago
• MSSAPSCA1 / Azure_Sentinel
  Bulk turn on Analytic rules in Azure Sentinel
  ☆16Updated 3 years ago
• P4T12ICK / Sigma2SplunkAlert
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆107Updated 4 years ago
• SigmaHQ / pySigma-backend-splunk
  pySigma Splunk backend
  ☆34Updated 7 months ago
• siriussecurity / dettectinator
  Dettectinator - The Python library to your DeTT&CT YAML files.
  ☆104Updated 2 weeks ago
• cyentific-rni / security-playbook-stix-misp-exchange
  This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma…
  ☆15Updated 2 years ago
• WillOram / cyber-incident-management
  Notes on managing and coordinating the response to major cyber incidents
  ☆39Updated 4 years ago
• WillOram / AzureAD-incident-response
  Notes on responding to security breaches relating to Azure AD
  ☆96Updated 2 years ago
• murchisd / splunk_pstree_app
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆23Updated last year
• center-for-threat-informed-defense / attack-powered-suit
  ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…
  ☆73Updated 2 weeks ago
• keyboardcrunch / SentinelOne-ATTACK-Queries
  MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity
  ☆86Updated 3 years ago