Pinned Repositories
aaalm
Generate network maps from packet captures
barnyard2-extra
Barnyard2 with "Extra Data" support and other enhancements.
bro-json-to-tsv
(DEPRECATED) Bro JSON to TSV converter.
bzar
A set of Zeek scripts to detect ATT&CK techniques.
Cortex-IR-Incident-Fetcher
Fetches incidents from Cortex XDR Incident Response and indexes them into Elasticsearch for reporting.
Daemonlogger
The Official Github Repository of Daemonlogger
daemonloggerdaq
Daemonlogger modified to use DAQ, primarily for listening on multiple interfaces
ecs-mapping
Grab bag of resources for mapping data to the Elastic Common Schema (ECS)
ElastAlertGrouper
A feature extension to ease the automation of Threat Hunting with ElastAlert and the ELK Stack
email-parser
Trying to parse some SMTP with Python 2.x
CyberTaoFlow's Repositories
CyberTaoFlow/bro-json-to-tsv
(DEPRECATED) Bro JSON to TSV converter.
CyberTaoFlow/bzar
A set of Zeek scripts to detect ATT&CK techniques.
CyberTaoFlow/daemonloggerdaq
Daemonlogger modified to use DAQ, primarily for listening on multiple interfaces
CyberTaoFlow/ecs-mapping
Grab bag of resources for mapping data to the Elastic Common Schema (ECS)
CyberTaoFlow/incident-response-plan-template
A concise, directive, specific, flexible, and free incident response plan template
CyberTaoFlow/osProtect
Network Security IDS/IPS Management and Reporting Interface
CyberTaoFlow/pcapdj
pcapdj - dispatch pcap files
CyberTaoFlow/platform
Proofpoint Platform
CyberTaoFlow/praeco
Elasticsearch alerting made simple.
CyberTaoFlow/sagan-rules-1
CyberTaoFlow/xdr-elk-stack
Logstash config to ingest Cortex XDR alerts
CyberTaoFlow/ansible-pull-example
example skeleton repo for setting up ansible-pull infrastructure
CyberTaoFlow/ansible-suricata
Ansible Role that installs and configures suricata
CyberTaoFlow/applookup
Package applookup for zeek
CyberTaoFlow/beats
:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
CyberTaoFlow/bro-react
react stuff
CyberTaoFlow/dev-notes
CyberTaoFlow/elastic-detection-lab
Recap and detailed write-up of TCM Security's course "Detection Engineering for Beginners".
CyberTaoFlow/Elastic-Security
Repo for Automations and other solutions for Elastic SIEM/Security.
CyberTaoFlow/elastic-stack-monitoring-dashboard
CyberTaoFlow/ixgbe-x540-bypass-linux-support
Set of patches for supporting Intel(R) 10GbE PCI Express X540T2BP bypass functions on the Linux Kernel.
CyberTaoFlow/nDPI
Open Source Deep Packet Inspection Software Toolkit
CyberTaoFlow/osquery-packs-and-dashboards
CyberTaoFlow/sagan
Sagan is a multi-threaded, high-performance log analysis engine. At its core, Sagan is similar to Suricata/Snort, but it works on logs rather than network packets.
CyberTaoFlow/suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
CyberTaoFlow/suricata-update
The tool for updating your Suricata rules.
CyberTaoFlow/Suricata_IDS_IP_Reputation_Based_Detection
Using Suricata with bash scripting to detect malicious IPs. The script update-mdl.sh downloads a list of IP addresses and a list of malicious IPs. These lists are compared to one another and a rating is applied based on the number of occurrences.
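The following is an added example of the feed-merging step described above; it is not the repository's update-mdl.sh. It assumes the "rating" is expressed as a Suricata IP reputation score (0-127) so the output can be loaded through Suricata's iprep feature, and it uses constructed sample feeds in place of the downloaded lists. Feed lines are filtered to plain dotted-quad addresses before they are written out, so a malformed or hostile feed entry cannot end up in a file Suricata parses.

```shell
#!/bin/sh
# Added example (not the CyberTaoFlow script). Merges several malicious-IP feeds,
# counts in how many feeds each IP appears and maps that count to a Suricata
# IP-reputation score. Output format is Suricata's reputation file: ip,category,score

# Constructed sample feeds standing in for the downloaded lists (RFC 5737 test ranges).
FEED_A="198.51.100.7
203.0.113.9
192.0.2.44
not-an-ip;rm -rf /"
FEED_B="203.0.113.9
198.51.100.7
192.0.2.250"
FEED_C="203.0.113.9"

# Assumed rating scheme: 1 feed -> 40, 2 feeds -> 80, 3 or more -> 127 (iprep maximum).
score_for_count() {
  case "$1" in
    1) echo 40 ;;
    2) echo 80 ;;
    *) echo 127 ;;
  esac
}

# build_reputation CATEGORY_ID FEED... -> "ip,category,score" lines, one per unique IP.
# Only well-formed IPv4 addresses survive the filter; anything else is dropped.
build_reputation() {
  cat_id="$1"; shift
  printf '%s\n' "$@" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    | sort | uniq -c \
    | while read -r count ip; do
        printf '%s,%s,%s\n' "$ip" "$cat_id" "$(score_for_count "$count")"
      done
}

# Matching categories file line for category id 1 (Suricata categories.txt format).
categories_line() {
  printf '%s,%s,%s\n' 1 MaliciousIPs "IP listed on one or more malicious-IP feeds"
}

# Usage: write both files into the directory named by default-reputation-path in
# suricata.yaml (reputation-categories-file / reputation-files), then alert with e.g.
#   alert ip any any -> $HOME_NET any (msg:"Bad-reputation source"; \
#     iprep:src,MaliciousIPs,>,60; sid:1000001; rev:1;)
# Here the result is only printed so the example runs without touching the filesystem.
build_reputation 1 "$FEED_A" "$FEED_B" "$FEED_C"
```

Scores above 60 in the rule above fire only for IPs seen on at least two feeds, which is the kind of threshold that keeps a single noisy feed from generating alerts on its own.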
CyberTaoFlow/vmtouch
Portable file system cache diagnostics and control
CyberTaoFlow/wec_pepped
Pep up your Windows Event Collector (WEC) for Windows Event Forwarding (WEF)
CyberTaoFlow/zeek_globalwhitelist
Logstretch public files