There are no reviews yet. Be the first to send feedback to the community and the maintainers!
sysmon-modular
A repository of sysmon configuration modulesThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat huntssysmon-cheatsheet
All sysmon event types and their fields explainedATTACKdatamap
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK frameworkMDE-AuditCheck
MDE relies on some of the Audit settings to be enabledPresentations
My conference presentationsdetection-sources
DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable formTA-Sysmon-deploy
Deploy and maintain Symon through the Splunk Deployment SeverWDACme
A WDAC configuration repository with the sole intention of enriching MDEparsoalto
Palo Alto Networks Rule ParserSentinel-template-parser
Azure Sentinel Template parserSA-Threat-Hunting
Splunk app for Threat huntingsysmon-modular-linux
A repository of Sysmon For Linux configuration modulesunfetter-discover
Unfetter-Discover Vagrant script for the Unfetter-Discover docker releasescripts
just random simple scriptsdisposable-windows
A packer project to quickly have a test / dev / IR boxolafhartong
Clear-dminline
After migrating a Cisco ASA config to a Palo Alto config you remain with all these horrible DMINLINE objects, this tool resolves all members and replaces the ogroup object by its membersBHCEupload
A small go tool to upload JSON files to the BloodHound community edition APILove Open Source and this site? Check out how you can help us