wagga40 / Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
☆710Updated last month
Alternatives and similar repositories for Zircolite:
Users that are interested in Zircolite are comparing it to the libraries listed below
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆566Updated 3 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆902Updated last year
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆357Updated 3 months ago
- ☆515Updated 7 months ago
- Hunting queries and detections☆793Updated 3 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆612Updated 10 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆726Updated last month
- Documentation and scripts to properly enable Windows event logs.☆608Updated last year
- Automatically created C2 Feeds☆608Updated this week
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆522Updated 2 years ago
- ☆543Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆597Updated last month
- Awesome list of keywords and artifacts for Threat Hunting sessions☆565Updated 2 weeks ago
- Threat Hunting tool about Sysmon and graphs☆332Updated last year
- Sysmon configuration file template with default high-quality event tracing☆483Updated last year
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆172Updated this week
- Ransomware simulator written in Golang☆436Updated 2 years ago
- Rules generated from our investigations.☆194Updated last month
- A set of Zeek scripts to detect ATT&CK techniques.☆587Updated 10 months ago
- Repository of YARA rules made by Trellix ATR Team☆594Updated last month
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆556Updated 3 years ago
- Incident Response collection and processing scripts with automated reporting scripts☆299Updated 10 months ago
- Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)☆451Updated this week
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red…☆900Updated last week
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆302Updated 3 years ago
- Threat Hunting queries for various attacks☆232Updated last week
- A collection of red team and adversary emulation resources developed and released by MITRE.☆505Updated 4 years ago
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆286Updated 3 months ago
- A knowledge base of actionable Incident Response techniques☆636Updated 2 years ago
- Sophos-originated indicators-of-compromise from published reports☆581Updated last month