Cybersecurity and Infrastructure Security Agency
Commit today, secure tomorrow.
United States of America
Pinned Repositories
cset
Cybersecurity Evaluation Tool
decider
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
development-guide
A set of guidelines and best practices for an awesome engineering team
LME
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. LME Docs can be found at https://cisagov.github.io/lme-docs/docs/
log4j-scanner
log4j-scanner is a project that CISA derived from the work of other members of the open-source community to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
Malcolm
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
manage.get.gov
A Django-based domain name registrar that interfaces with an EPP registry
RedEye
RedEye is a visual analytic tool supporting Red & Blue Team operations
ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
Sparrow
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/M365 environment.
Cybersecurity and Infrastructure Security Agency's Repositories
cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
cisagov/cset
Cybersecurity Evaluation Tool
cisagov/LME
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. LME Docs can be found at https://cisagov.github.io/lme-docs/docs/
cisagov/thorium
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
cisagov/vulnrichment
A repo to conduct vulnerability enrichment.
cisagov/dotgov-data
Official list of .gov domains
cisagov/ScubaGoggles
SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
cisagov/manage.get.gov
A Django-based domain name registrar that interfaces with an EPP registry
cisagov/cyhy_amis
AWS infrastructure for Cyber Hygiene and BOD 18-01 scanning
cisagov/XFD
CyHy Dashboard
cisagov/admiral
Distributed certificate transparency log harvester
cisagov/cyhy-core
Core code for Cyber Hygiene (CyHy)
cisagov/skeleton-packer
A skeleton project for quickly getting a new cisagov packer project started.
cisagov/ansible-role-guacamole
An Ansible role for installing cisagov/guacamole-composition
cisagov/guacscanner
Scan for EC2 instances added (removed) from a VPC and create (destroy) the corresponding Guacamole connections.
cisagov/ansible-role-cyhy-reports
An Ansible role for installing cisagov/cyhy-reports.
cisagov/ansible-role-ncats-webd
An Ansible role for installing cisagov/ncats-webd.
cisagov/skeleton-ansible-role-with-test-user
A skeleton project for quickly getting a new cisagov Ansible role started when that role requires an AWS test user.
cisagov/publish-egress-ip-lambda
A Lambda function that scans a set of AWS accounts and publishes file(s) (to an S3 bucket) containing the public IP addresses of EC2 instances or Elastic IPs that have been properly tagged
cisagov/code-gov-update
Update the DHS code.gov JSON
cisagov/cool-sharedservices-cdm
Terraform code to create a site-to-site VPN tunnel between the COOL and the CISA CDM (Continuous Diagnostics and Mitigation) environment, as well as some related resources to feed COOL logging data to CDM.
cisagov/skeleton-tf-module
A skeleton project for quickly getting a new cisagov Terraform module started.
cisagov/aws-lambda-with-cloudwatch-trigger-tf-module
cisagov/cyhy-account
cisagov/cyhy-nvdsync-lambda-terraform
cisagov/cyhy-tf-root
Terraform code to deploy a Cyber Hygiene (CyHy) environment in AWS
cisagov/lme-docs
New Landing page for all documentation around CISA's Logging Made Easy project
cisagov/mongo-db-from-config
Simple library to instantiate a MongoDB database connection based on the data in a YAML configuration file
cisagov/skeleton-tf-root-module
cisagov/ansible-role-valkey-cli