An ELK environment containing interesting security datasets.
☆136May 11, 2020Updated 5 years ago
Alternatives and similar repositories for elk-detection-lab
Users that are interested in elk-detection-lab are comparing it to the libraries listed below
Sorting:
- Import specific data sources into the Sigma generic and open signature format.☆79May 6, 2022Updated 3 years ago
- Elasticsearch/Kibana environment and log data for Sigma workshop☆26Dec 20, 2019Updated 6 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆573Dec 12, 2021Updated 4 years ago
- Automatic detection engineering technical state compliance☆55Jul 7, 2024Updated last year
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository.☆111Feb 6, 2020Updated 6 years ago
- Automated Use Case Testing☆171May 1, 2018Updated 7 years ago
- ☆14May 30, 2018Updated 7 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Resolvn Threat Hunting Virtual Machine☆139Aug 16, 2019Updated 6 years ago
- Elemental - An ATT&CK Threat Library☆318Dec 8, 2022Updated 3 years ago
- Re-play Security Events☆1,725Mar 20, 2024Updated last year
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆86Jun 23, 2025Updated 8 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆786Feb 22, 2026Updated 2 weeks ago
- Windows Events Attack Samples☆2,517Jan 24, 2023Updated 3 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆40Jun 20, 2023Updated 2 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆115May 18, 2020Updated 5 years ago
- All-in-one bundle of MISP, TheHive and Cortex☆170Sep 27, 2022Updated 3 years ago
- Sigma Detection Rule Repository☆92Jun 18, 2020Updated 5 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆108Feb 12, 2023Updated 3 years ago
- Utilities for MITRE™ ATT&CK☆1,050Jan 3, 2026Updated 2 months ago
- ☆19Oct 23, 2020Updated 5 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆91Dec 8, 2022Updated 3 years ago
- Open source training materials for law-enforcement and organisations interested in DFIR.☆63May 30, 2025Updated 9 months ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- EventList☆377Mar 21, 2021Updated 4 years ago
- ☆15Dec 16, 2020Updated 5 years ago
- Generic Signature Format for SIEM Systems☆18Jul 25, 2023Updated 2 years ago
- Zeek plugin to generate data on per-packet sizes and intervals☆14Apr 21, 2020Updated 5 years ago
- Searches For Threat Hunting and Security Analytics☆238Mar 26, 2025Updated 11 months ago
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,078Nov 28, 2024Updated last year
- Open Source Security Events Metadata (OSSEM)☆1,288Feb 27, 2023Updated 3 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets☆142Oct 12, 2020Updated 5 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- Logging Made Easy☆710Nov 1, 2023Updated 2 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- Detect Tactics, Techniques & Combat Threats☆2,268Jan 21, 2026Updated last month
- ATT&CK Remote Threat Hunting Incident Response☆206Dec 8, 2024Updated last year
- YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack☆16Jan 6, 2021Updated 5 years ago