LogRhythm-Labs

Pinned Repositories

Carbon-Black-SmartResponse
:boom: Carbon Black SIEM Integration and Automation for LogRhythm
Language:PowerShell156
Endpoint-Lockdown
:lock: Isolate a host from the network using PowerShell
Language:PowerShell9 7 05
Extract-Remote-File-SmartResponse
PowerShell Script / SmartResponse to extract files from remote Windows hosts
Language:PowerShell9 5 03
Invoke-Okta
:cyclone: Okta + LogRhythm SIEM = Integration and Automation
Language:PowerShell8 5 04
Microsoft-SysMon-config
Sysmon configuration file template with default high-quality event tracing
20 8 08
PIE
:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365
Language:PowerShell180 26 1054
PSRecon
:rocket: PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
Language:PowerShell6 6 03
Sigma
Convert Sigma rules to LogRhythm searches
195
System-Monitor-Agent-Maintenance
Utilize PowerShell remoting to perform automated SCSM agent maintenance
Language:PowerShell5 3 01
VirusTotal
:bug: VirusTotal SIEM Integration and Automation
Language:PowerShell18 4 13

LogRhythm-Labs's Repositories

LogRhythm-Labs/PIE
:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365
Language:PowerShell180 26 1054
LogRhythm-Labs/Microsoft-SysMon-config
Sysmon configuration file template with default high-quality event tracing
20 8 08
LogRhythm-Labs/Sigma
Convert Sigma rules to LogRhythm searches
195
LogRhythm-Labs/Carbon-Black-SmartResponse
:boom: Carbon Black SIEM Integration and Automation for LogRhythm
Language:PowerShell156
LogRhythm-Labs/Endpoint-Lockdown
:lock: Isolate a host from the network using PowerShell
Language:PowerShell9 7 05
LogRhythm-Labs/Invoke-Okta
:cyclone: Okta + LogRhythm SIEM = Integration and Automation
Language:PowerShell8 5 04
LogRhythm-Labs/PIE-Button
:radio_button: Phishing Intelligence Engine Microsoft Outlook Add-In
Language:C#55
LogRhythm-Labs/Playbooks_CaseAPI
Playbook manipulation via API
Language:PowerShell41
LogRhythm-Labs/SIEM-Speak
:sound: 'Say' for Windows PowerShell
Language:PowerShell42
LogRhythm-Labs/SRP-DisableLocalWindowsAccount
Disables an account on a local Windows system
Language:PowerShell43
LogRhythm-Labs/attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
Language:TypeScript3 4 03
LogRhythm-Labs/SRP-Fortinet
SmartResponse plugin to add IPs and FQDNs to an Address Group.
Language:PowerShell32
LogRhythm-Labs/SRP-VirusTotal
"On-demand" VirusTotal file/URL scanning via the LogRhythm Web Console
Language:C#31
LogRhythm-Labs/ATTACK_STIX_analysis
A collection of scripts for analysis of the MITRE ATT&CK framework via STIX/TAXII
Language:Jupyter Notebook2 3 0
LogRhythm-Labs/covid19-domains
COVID-19 Malicious Domain List Importer
Language:PowerShell21
LogRhythm-Labs/FireEye_breach_artifacts
extracted IOCs and MITRE technique analysis from the December 2020 FireEye breach
2 3 0
LogRhythm-Labs/SRP-KillWindowsProcess
SmartResponse plugin to terminate a process on a Windows host.
Language:PowerShell24
LogRhythm-Labs/SRP-Nmap
Nmap SIEM Integration and Automation for LogRhythm
Language:Lua21
LogRhythm-Labs/abuse.ch_ransomware_scraper
Scrapes the indicator lists from abuse.ch's Ransomware Tracker.
Language:PowerShell13
LogRhythm-Labs/log4Shell
LogRhythm resources for log4Shell detection.
1 3 00
LogRhythm-Labs/LR-attack-navigator-layer
MITRE ATT&CK Navigator layer displaying technique coverage in the MITRE ATT&CK KB Module
1
LogRhythm-Labs/purple_team_cases
Create purple team master Case and per-MITRE-technique Cases for purple team exercise
Language:Jupyter Notebook1 3 0
LogRhythm-Labs/SRP-AddItemToList
Add an item to a text file to be consumed by the LogRhythm Job Manager
Language:PowerShell12
LogRhythm-Labs/SRP-CiscoISE
SmartResponse plugin to quarantine a host via Cisco ISE
Language:PowerShell11
LogRhythm-Labs/sunburst_iocs
List of IOCs from CISA STIX feed related to Alert AA20-352A
1 4 00
LogRhythm-Labs/Hafnium-IOCs
Curated list of IOCs involving March 2021 Exchange 0 Day Attacks.
00
LogRhythm-Labs/lrlabs_oktaAIEtrendRules
AIE Trend Rules being released in conjunction with blog "Detecting Attacks and Compromises: A SIEM perspective from the recent LAPSUS$ supply chain attack"
00
LogRhythm-Labs/Invoke-Hue
:rotating_light: PowerShell Philips Hue Integration and Automation
Language:PowerShell1
LogRhythm-Labs/Invoke-Wrike
:chart_with_upwards_trend: Wrike PowerShell API Integration and Automation
Language:PowerShell1
LogRhythm-Labs/SRP-DisableADAccount
Disables a specified Active Directory account using either default Job Manager credentials or specified credentials.
Language:PowerShell1