thomaspatzke / EQUEL
An Elasticsearch QUEry Language
☆57 · Jul 3, 2017 · Updated 8 years ago
Alternatives and similar repositories for EQUEL
Users who are interested in EQUEL are comparing it to the repositories listed below.
- Network detector for Winnti malware (☆21 · Mar 6, 2018 · Updated 7 years ago)
- Exporting MISP event attributes to YARA rules usable with the THOR APT scanner (☆24 · Mar 27, 2017 · Updated 8 years ago)
- An ICAP server with a YARA scanner for URLs and content (☆58 · Dec 19, 2024 · Updated last year)
- Python-based cloud node for local use (☆11 · Mar 7, 2018 · Updated 7 years ago)
- Meeting notes (☆14 · Apr 5, 2016 · Updated 9 years ago)
- Elasticsearch Watcher plugin for the elasticsearch.js client (☆13 · Apr 18, 2018 · Updated 7 years ago)
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified… (☆81 · Jan 2, 2022 · Updated 4 years ago)
- A search command for Splunk which allows you to search Elasticsearch and display the results in the Splunk GUI (☆70 · Aug 10, 2025 · Updated 6 months ago)
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations (☆37 · Sep 19, 2017 · Updated 8 years ago)
- A YARA rule generator for finding related samples and hunting (☆162 · Sep 11, 2022 · Updated 3 years ago)
- Modern Honey Network deployment with Ansible (☆12 · Jun 4, 2022 · Updated 3 years ago)
- Elasticsearch querying library (☆20 · Jun 16, 2019 · Updated 6 years ago)
- Shows command lines used by the latest instances analyzed on Hybrid-Analysis (☆42 · Sep 18, 2018 · Updated 7 years ago)
- Splunk app to support a presentation at .conf2015 on free security tools and Splunk (☆10 · Sep 24, 2015 · Updated 10 years ago)
- A curated list of awesome threat detection and hunting resources (☆10 · Mar 23, 2018 · Updated 7 years ago)
- Using Shodan to get a breakdown of the most common key names in public Redis servers (☆13 · Dec 10, 2017 · Updated 8 years ago)
- Proof-of-concept implementation of a cyber threat intelligence and incident handling platform (☆11 · Feb 10, 2023 · Updated 3 years ago)
- Python script to automatically create Sigma rules from TheHive observables (☆25 · Mar 17, 2019 · Updated 6 years ago)
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing (☆103 · Nov 17, 2020 · Updated 5 years ago)
- A Python library to help with some common threat hunting data analysis operations (☆141 · Apr 23, 2023 · Updated 2 years ago)
- Command line tool for scanning streams within office documents, plus an XOR DB attack (☆127 · Sep 23, 2023 · Updated 2 years ago)
- Transform dumped executable memory back into an identical match from disk. Use a network or local database to de-locate relocated binaries… (☆12 · Jan 10, 2016 · Updated 10 years ago)
- RunPE dump - I wrote this to have better control over the analysis of malware. I can stop and analyze malware when it uses some of the … (☆10 · Jul 1, 2015 · Updated 10 years ago)
- Konrads' Pen-Ultimate (Windows) Log File Parser (☆14 · Dec 27, 2025 · Updated last month)
- Django web interface for managing YARA rules (☆197 · Jul 28, 2018 · Updated 7 years ago)
- collectd (☆11 · Feb 3, 2020 · Updated 6 years ago)
- (no description) (☆10 · Sep 20, 2015 · Updated 10 years ago)
- Python module to interact with the THOR Thunderstorm service (☆17 · Dec 5, 2025 · Updated 2 months ago)
- Some IR notes (☆73 · Jul 23, 2016 · Updated 9 years ago)
- "Evolving AppCompat/AmCache data analysis beyond grep" (☆209 · Sep 15, 2021 · Updated 4 years ago)
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon (☆937 · Dec 12, 2023 · Updated 2 years ago)
- VPS infrastructure found in HT dumps (☆26 · Jul 10, 2015 · Updated 10 years ago)
- Translate STIX 2 Patterning Queries (☆31 · Oct 4, 2018 · Updated 7 years ago)
- Various Bro scripts (☆96 · Jul 8, 2016 · Updated 9 years ago)
- IOC Management and Visualization Tool (☆48 · Dec 8, 2022 · Updated 3 years ago)
- Standalone CIRCLean/KittenGroomer code to sanitize emails (☆11 · Aug 9, 2018 · Updated 7 years ago)
- Queries to parse Sysmon event log files with Microsoft Log Parser (☆58 · Mar 31, 2015 · Updated 10 years ago)
- A collection of awesome resources built for and around the Splunk Phantom platform (☆15 · Jul 7, 2020 · Updated 5 years ago)
- (no description) (☆13 · Feb 17, 2022 · Updated 3 years ago)