Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques ...
Security event correlation engine for ELK stack
A collection of PowerShell modules designed for artifact gathering and r...
Encyclopedia for Executables
Awesome list of keywords and artifacts for Threat Hunting sessions
A robust and flexible open source User & Entity Behavior Analytics (UEB...
A datasource assessment on an event level to show potential coverage or ...
Test Blue Team detections without running any attack.
Splunk code (SPL) for serious threat hunters and detection engineers.
Microsoft Sentinel SOC Operations
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Open-source framework to detect outliers in Elasticsearch events
An open-source, real-time Security Information & Event Management tool b...
Repository with Sample KQL Query examples for Threat Hunting
Customizable SIEM and XDR powered by Real-Time correlation and Threat In...