Marsidi

Marsidi's Stars

• socfortress/Playbooks

  Playbooks for SOC Analysts

  14154

• socfortress/Wazuh-Rules

  Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!

  Language:Python591169

• palantir/windows-event-forwarding

  A repository for using windows event forwarding for incident detection and response

  Language:Roff1.2k267

• V1D1AN/S1EM

  This project is a SIEM with SIRP and Threat Intel, all in one.

  Language:Shell41080

• swimlane/elk-tls-docker

  This repository contains code to create a ELK stack with certificates & security enabled using docker-compose

  Language:Python18668

• BlackPerl-DFIR/SOC-OpenSource

  This is a Project Designed for Security Analysts and all SOC audiences who wants to play with implementation and explore the Modern SOC architecture.

  623161

• 3CORESec/SIEGMA

  SIEGMA - Transform Sigma rules into SIEM consumables

  Language:Python14121

• JPCERTCC/LogonTracer

  Investigate malicious Windows logon by visualizing and analyzing Windows event log

  Language:Python2.7k442

• nasbench/SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  16514

• elastic/detection-rules

  Language:Python2k498

• stuhli/awesome-event-ids

  Collection of Event ID ressources useful for Digital Forensics and Incident Response

  58184

• microsoft/Microsoft-365-Defender-Hunting-Queries

  Sample queries for Advanced hunting in Microsoft 365 Defender

  Language:Jupyter Notebook1.9k538

• picussecurity/picuslabs

  Picus Labs

  Language:PowerShell4213

• vinyll/django-imagefit

  Resize an image on render. Preserve your original file on your system.

  Language:Python8440

• sbousseaden/EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  Language:HTML2.2k398

• Cyb3rWard0g/Invoke-ATTACKAPI

  A PowerShell script to interact with the MITRE ATT&CK Framework via its own API

  Language:PowerShell36782

• mitre/cti

  Cyber Threat Intelligence Repository expressed in STIX 2.0

  1.7k415

• mitre-attack/tram

  Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.

  Language:JavaScript34566

• atc-project/atomic-threat-coverage

  Actionable analytics designed to combat threats

  Language:Python972157

• xenoscr/atomiccaldera

  A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files.

  Language:Python7122

• OTRF/ATTACK-Python-Client

  Python Script to access ATT&CK content available in STIX via a public TAXII server

  Language:Python556114

• guardicore/monkey

  Infection Monkey - An open-source adversary emulation platform

  Language:Python6.7k784

• NextronSystems/APTSimulator

  A toolset to make a system look as if it was the victim of an APT attack

  Language:Batchfile2.5k427

• uber-common/metta

  An information security preparedness tool to do adversarial simulation.

  Language:Python1.1k151

• endgameinc/RTA

  Language:Python1k212

• jymcheong/AutoTTP

  Automated Tactics Techniques & Procedures

  Language:Python25164

• praetorian-inc/purple-team-attack-automation

  Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs

  Language:Ruby717118

• SigmaHQ/sigma

  Main Sigma Rule Repository

  Language:Python8.3k2.2k

• mitre/cascade-server

  CASCADE Server

  Language:Python26453

• mitre/caldera

  Automated Adversary Emulation Platform

  Language:Python5.6k1.1k