Pinned Repositories
awesome-event-ids
Collection of Event ID resources useful for Digital Forensics and Incident Response
EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
Microsoft-eventlog-mindmap
Set of mind maps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, etc.
SIGMA-detection-rules
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques
Splunk-input-windows-baseline
Provides an advanced input.conf file for Windows and 3rd-party software, with more than 70 different event logs mapped to MITRE ATT&CK
sysmon-config
Sysmon configuration file template with default high-quality event tracing
Windows-auditing-baseline
Provides an advanced baseline for implementing a secure Windows auditing strategy on Windows OS.
Windows-authentication-brutforce-cheatsheet
Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios.
windows-itpro-docs
This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.
Windows-WEC-server_auto-deploy
PowerShell scripts for fast Windows Event Collector configuration with the Palantir toolset
mdecrevoisier's Repositories
mdecrevoisier/Microsoft-eventlog-mindmap
Set of mind maps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, etc.
mdecrevoisier/EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
mdecrevoisier/SIGMA-detection-rules
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques
mdecrevoisier/Splunk-input-windows-baseline
Provides an advanced input.conf file for Windows and 3rd-party software, with more than 70 different event logs mapped to MITRE ATT&CK
mdecrevoisier/Windows-auditing-baseline
Provides an advanced baseline for implementing a secure Windows auditing strategy on Windows OS.
mdecrevoisier/Windows-WEC-server_auto-deploy
PowerShell scripts for fast Windows Event Collector configuration with the Palantir toolset
mdecrevoisier/Windows-authentication-brutforce-cheatsheet
Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios.
mdecrevoisier/awesome-event-ids
Collection of Event ID resources useful for Digital Forensics and Incident Response
mdecrevoisier/windows-itpro-docs
This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.
mdecrevoisier/sysmon-config
Sysmon configuration file template with default high-quality event tracing