vertoforce / docker-sof-elkLinks
A dockerized version of the sof-elk project
☆13Updated 5 years ago
Alternatives and similar repositories for docker-sof-elk
Users that are interested in docker-sof-elk are comparing it to the libraries listed below
Sorting:
- Scripts to facilitate filtering with Plaso☆126Updated 5 years ago
- ☆42Updated 4 years ago
- Invoke-LiveResponse☆149Updated 3 years ago
- Mark Baggett's (@MarkBaggett - GSE #15, SANS SEC573 Author) tool for detecting randomness using NLP techniques rather than pure entropy c…☆129Updated 2 years ago
- Library of python scripts to apply Data Science in several forensics artifacts☆31Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 8 months ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆205Updated 3 years ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆84Updated last year
- Web application to create indexes for GIAC certification examinations.☆144Updated 2 years ago
- Tools to automate and/or expedite response.☆115Updated last year
- Collection of useful, up to date, Carbon Black Response Queries☆84Updated 4 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆112Updated 5 years ago
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆75Updated last year
- 2021 SANS DFIR Summit: Greppin' Logs☆20Updated 4 years ago
- ☆32Updated last year
- A Splunk app to use MISP in background☆111Updated 2 weeks ago
- Office365 Log Analysis Framework☆81Updated 6 years ago
- A GeoIP lookup utility utilizing ipinfo.io services.☆89Updated last year
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆125Updated 3 years ago
- Detection Ideas & Rules repository.☆179Updated 3 years ago
- Security Monitoring Resolution Categories☆138Updated 3 years ago
- Crack base64(sha256(username)) hash from Microsoft Event ID 1029☆22Updated 2 years ago
- ☆77Updated 6 years ago
- ☆35Updated 9 months ago
- Volatility plugins developed and maintained by the community☆21Updated 10 months ago
- This is a repository for freq.py and freq_server.py☆210Updated 5 years ago
- ☆55Updated 4 years ago
- Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs☆93Updated 4 years ago
- Parses KAPE module files and downloads binaries referenced by BinaryURL☆18Updated 5 years ago