timmolter / logstash-dfirView external linksLinks
Logstash configuration files for analyzing various types of logs
☆25Dec 9, 2016Updated 9 years ago
Alternatives and similar repositories for logstash-dfir
Users that are interested in logstash-dfir are comparing it to the libraries listed below
Sorting:
- ☆15Aug 11, 2019Updated 6 years ago
- Logging plugin to bro to send logs to a Kafka broker☆20Nov 29, 2017Updated 8 years ago
- Tools and Binaries to use with KAPE☆13Aug 13, 2019Updated 6 years ago
- Powershell Functions to interact with TheHive-Project☆11Jun 27, 2019Updated 6 years ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Oct 15, 2020Updated 5 years ago
- A web interface for interacting with your Bro IDS logs.☆86Jun 10, 2021Updated 4 years ago
- Import Bro logs from SecurityOnion into Logstash☆15Nov 10, 2015Updated 10 years ago
- This is a script module for Bro that encapsulates and detects activity related to the Mandiant APT1 report.☆51Feb 11, 2014Updated 12 years ago
- Full Packet Capture for the Masses☆14Sep 13, 2018Updated 7 years ago
- Scripts for Bro IDS and ELK Stack☆57Sep 2, 2015Updated 10 years ago
- brocon-15 scripts☆13Apr 3, 2017Updated 8 years ago
- Utility for parsing Bro log files into CSV or JSON format☆41Jan 12, 2023Updated 3 years ago
- python SDK for CIFv2☆13Nov 5, 2019Updated 6 years ago
- Feed Generator for MISP☆19Nov 2, 2022Updated 3 years ago
- Plugin providing AF_XDP support for Bro.☆14May 10, 2021Updated 4 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆122Jul 12, 2021Updated 4 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- ☆24Mar 29, 2020Updated 5 years ago
- INACTIVE - http://mzl.la/ghe-archive - Zeek Extreme Performance Tuning☆26Oct 10, 2019Updated 6 years ago
- Bro IDS programs collection.☆146Oct 16, 2019Updated 6 years ago
- bro on debian with elasticsearch support☆24Mar 27, 2017Updated 8 years ago
- (OBSOLETE) Plugins for Bro☆53Sep 13, 2017Updated 8 years ago
- Collection of best practices to add OSINT into MISP and/or MISP communities☆65Sep 29, 2023Updated 2 years ago
- Generates visualizations from the output of flow tools such as SiLK.☆35Dec 8, 2016Updated 9 years ago
- This repository will teach you got to present my talk "Security is everybody's job", a talk about DevSecOps.☆27Sep 20, 2022Updated 3 years ago
- InvestigationPlaybookSpec☆71Sep 26, 2017Updated 8 years ago
- Bro scripts for the ROCK platform. http://rocknsm.io☆34Jul 2, 2023Updated 2 years ago
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE☆32May 25, 2024Updated last year
- Bro scripts to be shared with the community☆110Mar 6, 2013Updated 12 years ago
- brostash: Linux distribution based on Debian and focusing on network security events collection☆33Aug 30, 2020Updated 5 years ago
- Plugin providing native AF_Packet support for Zeek.☆33Oct 22, 2025Updated 3 months ago
- ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)☆179Jul 10, 2019Updated 6 years ago
- Small program to generate a Graphviz dot file to visualize a SQLite schema and foreign keys structure☆13Mar 6, 2017Updated 8 years ago
- Fork of setblocksize☆10Jan 17, 2019Updated 7 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Jan 30, 2018Updated 8 years ago
- Scripts that cover the basics of interacting with the Threat Grid API☆11Jan 21, 2020Updated 6 years ago
- Fix for the CVE-2021-36934☆10Oct 15, 2021Updated 4 years ago
- PowerShell tool to enumerate existing exclusions in Windows Defender as low privileged user☆12Oct 14, 2024Updated last year