There are no reviews yet. Be the first to send feedback to the community and the maintainers!
sysmon-modular
A repository of sysmon configuration modulesThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat huntssysmon-cheatsheet
All sysmon event types and their fields explainedATTACKdatamap
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK frameworkMDE-AuditCheck
MDE relies on some of the Audit settings to be enabledPresentations
My conference presentationsdetection-sources
DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable formTA-Sysmon-deploy
Deploy and maintain Symon through the Splunk Deployment SeverWDACme
A WDAC configuration repository with the sole intention of enriching MDEparsoalto
Palo Alto Networks Rule ParserSentinel-template-parser
Azure Sentinel Template parserSA-Threat-Hunting
Splunk app for Threat huntingsysmon-modular-linux
A repository of Sysmon For Linux configuration modulessysmon-parser
Automatically generated Sysmon parser for Azure Sentinelunfetter-discover
Unfetter-Discover Vagrant script for the Unfetter-Discover docker releasescripts
just random simple scriptsdisposable-windows
A packer project to quickly have a test / dev / IR boxolafhartong
BHCEupload
A small go tool to upload JSON files to the BloodHound community edition APILove Open Source and this site? Check out how you can help us