threathunters-io / laurel

Related projects ⓘ

Alternatives and complementary repositories for laurel

• tclahr / uac
  UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of …
  ☆790Updated last week
• cyb3rfox / Aurora-Incident-Response
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆765Updated last year
• atc-project / atc-react
  A knowledge base of actionable Incident Response techniques
  ☆612Updated 2 years ago
• wagga40 / Zircolite
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆678Updated last week
• chainguard-dev / osquery-defense-kit
  Production-ready detection & response queries for osquery
  ☆523Updated this week
• teoseller / osquery-attck
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆776Updated last year
• TonyPhipps / SIEM
  SIEM Tactics, Techiques, and Procedures
  ☆584Updated 2 weeks ago
• mdecrevoisier / SIGMA-detection-rules
  Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
  ☆306Updated 5 months ago
• bfuzzy / auditd-attack
  A Linux Auditd rule set mapped to MITRE's Attack Framework
  ☆778Updated 4 years ago
• Neo23x0 / sysmon-config
  Sysmon configuration file template with default high-quality event tracing
  ☆454Updated 9 months ago
• defenxor / dsiem
  Security event correlation engine for ELK stack
  ☆434Updated 4 months ago
• zeronetworks / BlueHound
  BlueHound - pinpoint the security issues that actually matter
  ☆712Updated last year
• SigmaHQ / pySigma
  Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
  ☆395Updated this week
• palantir / osquery-configuration
  A repository for using osquery for incident detection and response
  ☆824Updated 2 years ago
• splunk / attack_data
  A repository of curated datasets from various attacks
  ☆587Updated this week
• mdecrevoisier / EVTX-to-MITRE-Attack
  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
  ☆520Updated 2 months ago
• mitre-attack / bzar
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆563Updated 4 months ago
• atc-project / atomic-threat-coverage
  Actionable analytics designed to combat threats
  ☆972Updated 2 years ago
• CriticalPathSecurity / Zeek-Intelligence-Feeds
  Zeek-Formatted Threat Intelligence Feeds
  ☆343Updated this week
• idaholab / Malcolm
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆358Updated this week
• Hestat / ossec-sysmon
  A Ruleset to enhance detection capabilities of Ossec using Sysmon
  ☆85Updated 2 years ago
• FalconForceTeam / FalconFriday
  Hunting queries and detections
  ☆725Updated last month
• OTRF / OSSEM
  Open Source Security Events Metadata (OSSEM)
  ☆1,238Updated last year
• redcanaryco / invoke-atomicredteam
  Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red…
  ☆844Updated last week
• dfirtrack / dfirtrack
  DFIRTrack - The Incident Response Tracking Application
  ☆482Updated 2 months ago
• ScarredMonk / SysmonSimulator
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆831Updated 2 years ago
• center-for-threat-informed-defense / attack-flow
  Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel…
  ☆555Updated this week
• olafhartong / ThreatHunting
  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  ☆1,137Updated last year
• palantir / alerting-detection-strategy-framework
  A framework for developing alerting and detection strategies for incident response.
  ☆686Updated 2 years ago
• philhagen / sof-elk
  Configuration files for the SOF-ELK VM
  ☆1,493Updated this week