• Stars
    star
    10
  • Rank 1,807,489 (Top 36 %)
  • Language
    PowerShell
  • Created about 2 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automatically generated Sysmon parser for Azure Sentinel

More Repositories

1

sysmon-modular

A repository of sysmon configuration modules
PowerShell
2,381
star
2

ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
1,090
star
3

sysmon-cheatsheet

All sysmon event types and their fields explained
507
star
4

ATTACKdatamap

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
PowerShell
342
star
5

MDE-AuditCheck

MDE relies on some of the Audit settings to be enabled
PowerShell
92
star
6

Presentations

My conference presentations
63
star
7

detection-sources

51
star
8

DefenderHarvester

Expose a lot of MDE telemetry that is not easily accessible in any searchable form
Go
48
star
9

TA-Sysmon-deploy

Deploy and maintain Symon through the Splunk Deployment Sever
Batchfile
31
star
10

WDACme

A WDAC configuration repository with the sole intention of enriching MDE
20
star
11

parsoalto

Palo Alto Networks Rule Parser
PHP
16
star
12

Sentinel-template-parser

Azure Sentinel Template parser
PowerShell
15
star
13

SA-Threat-Hunting

Splunk app for Threat hunting
13
star
14

sysmon-modular-linux

A repository of Sysmon For Linux configuration modules
12
star
15

unfetter-discover

Unfetter-Discover Vagrant script for the Unfetter-Discover docker release
Shell
8
star
16

scripts

just random simple scripts
Shell
5
star
17

disposable-windows

A packer project to quickly have a test / dev / IR box
2
star
18

olafhartong

2
star
19

Clear-dminline

After migrating a Cisco ASA config to a Palo Alto config you remain with all these horrible DMINLINE objects, this tool resolves all members and replaces the ogroup object by its members
Python
2
star
20

BHCEupload

A small go tool to upload JSON files to the BloodHound community edition API
Go
1
star