Alternatives and similar repositories for SME

Users that are interested in SME are comparing it to the libraries listed below

• nccgroup / nmap-nse-vulnerability-scripts
  NMAP Vulnerability Scanning Scripts
  ☆628Updated 3 years ago
• zeronetworks / BlueHound
  BlueHound - pinpoint the security issues that actually matter
  ☆748Updated 2 years ago
• ScarredMonk / SysmonSimulator
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆855Updated 3 years ago
• darkquasar / AzureHunter
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆788Updated 2 years ago
• JSCU-NL / logging-essentials
  A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
  ☆289Updated 4 years ago
• activecm / BeaKer
  Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
  ☆298Updated last week
• mamun-sec / dfirt
  Collect information of Windows PC when doing incident response
  ☆252Updated 2 years ago
• mdecrevoisier / Microsoft-eventlog-mindmap
  Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
  ☆1,088Updated last year
• Azure / SimuLand
  Understand adversary tradecraft and improve detection strategies
  ☆714Updated 2 years ago
• ukncsc / lme
  Logging Made Easy
  ☆710Updated last year
• blackhillsinfosec / EventLogging
  Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
  ☆485Updated 10 months ago
• fox-it / dissect
  Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts…
  ☆1,044Updated last week
• Neo23x0 / sysmon-config
  Sysmon configuration file template with default high-quality event tracing
  ☆516Updated last week
• CrowdStrike / CRT
  Contact: CRT@crowdstrike.com
  ☆741Updated 2 years ago
• nsacyber / Mitigating-Obsolete-TLS
  Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber
  ☆271Updated 4 years ago
• Yamato-Security / WELA-deprecated
  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
  ☆782Updated 2 years ago
• GossiTheDog / ThreatHunting
  Tools for hunting for threats.
  ☆595Updated 5 months ago
• PlumHound / PlumHound
  Bloodhound Reporting for Blue and Purple Teams
  ☆1,232Updated 7 months ago
• iknowjason / PurpleCloud
  A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-pur…
  ☆596Updated 6 months ago
• punk-security / smbeagle
  SMBeagle - Fileshare auditing tool.
  ☆725Updated last month
• cisagov / bad-practices
  CISA's catalog of bad practices that are exceptionally risky.
  ☆210Updated last week
• p3hndrx / B-B-Shuffle
  Dashboard for conducting Backdoors and Breaches sessions over Zoom.
  ☆115Updated 11 months ago
• olafhartong / sysmon-cheatsheet
  All sysmon event types and their fields explained
  ☆557Updated 3 years ago
• scythe-io / purple-team-exercise-framework
  Purple Team Exercise Framework
  ☆739Updated last year
• stuhli / awesome-event-ids
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆630Updated last year
• mandiant / Mandiant-Azure-AD-Investigator
  ☆638Updated 2 years ago
• Neo23x0 / BlueLedger
  A list of my personal projects
  ☆177Updated 3 years ago
• Yamato-Security / EnableWindowsLogSettings
  Documentation and scripts to properly enable Windows event logs.
  ☆632Updated 2 years ago
• christophetd / Adaz
  Deploy customizable Active Directory labs in Azure - automatically.
  ☆426Updated 10 months ago
• cyberdefenders / DetectionLabELK
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆572Updated 3 years ago