the2dl / chronicle_detection_publicLinks
Public Chronicle Detection Rules
☆12Updated 2 years ago
Alternatives and similar repositories for chronicle_detection_public
Users that are interested in chronicle_detection_public are comparing it to the libraries listed below
Sorting:
- ☆15Updated 4 years ago
- Jupyter Notebooks for Cyber Threat Intelligence☆35Updated last year
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Updated 4 months ago
- ShellSweeping the evil.☆52Updated 11 months ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.☆38Updated last year
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated 7 months ago
- Azure function to insert MISP data in to Azure Sentinel☆32Updated 2 years ago
- Security Content for the PEAK Threat Hunting Framework☆29Updated last year
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Updated 2 years ago
- ☆21Updated 2 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆18Updated last year
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆16Updated 5 months ago
- Library of threat hunts to get any user started!☆44Updated 4 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- Scripts and lists to help generate YARA friendly string mutations☆21Updated 2 years ago
- Threat Box Assessment Tool☆19Updated 3 years ago
- Powershell sandboxing utility☆18Updated 2 weeks ago
- ☆21Updated 2 months ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆27Updated last week
- Slides and materials from conference presentations☆9Updated last year
- My Jupyter Notebooks☆36Updated 2 months ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆28Updated last week
- Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Thre…☆15Updated 2 years ago
- ☆11Updated last year
- ☆19Updated 3 years ago
- Automated detection rule analysis utility☆29Updated 2 years ago
- Yara rules☆22Updated 2 years ago
- A repository of Sysmon For Linux configuration modules☆15Updated 3 years ago