EVTX-ATTACK-SAMPLES
ThreatHunting-Keywords
EVTX-ATTACK-SAMPLES | ThreatHunting-Keywords | |
---|---|---|
1 | 1 | |
2,126 | 338 | |
- | - | |
0.0 | 9.4 | |
over 1 year ago | 1 day ago | |
HTML | HTML | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
EVTX-ATTACK-SAMPLES
-
Sample firewall/SIEM logs
Samir has great repo for logs with attacks occurred in it, for Windows, MacOS and Network - https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
ThreatHunting-Keywords
-
List of offensive tools keywords for ThreatHunting
more information here: https://github.com/mthcht/ThreatHunting-Keywords
What are some alternatives?
mordor - Re-play Adversarial Techniques
sysmon-config - Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
reversinglabs-siem-rules - A collection of various SIEM rules relating to malware family groups.
sysmon-modular - A repository of sysmon configuration modules
awesome-lists - Security lists for SOC detections
EVTX-to-MITRE-Attack - Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
Purpleteam - Purpleteam scripts simulation & Detection - trigger events for SOC detections
ASH-IR-Dataset - An impulse response dataset for binaural synthesis of spatial audio systems on headphones
MurMurHash - This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.