MISP-tools
Import CrowdStrike Threat Intelligence into your instance of MISP (by CrowdStrike)
falcon-query-assets
Welcome to the Falcon Query Assets GitHub page. (by CrowdStrike)
| | MISP-tools | falcon-query-assets |
|---|---|---|
| Mentions | 2 | 4 |
| Stars | 32 | 95 |
| Growth | - | - |
| Activity | 6.0 | 2.1 |
| Last commit | 10 days ago | 5 months ago |
| Language | Python | Shell |
| License | MIT License | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MISP-tools
Posts with mentions or reviews of MISP-tools.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-13.
- Ingesting IOCs into CS from MISP
  I'd start with intel_client.py (most CS interactions happen here) and indicators.py (the logic for handling indicators; a lot of this is PyMISP-specific, but it will help you identify the data elements you want to bring over).
falcon-query-assets
Posts with mentions or reviews of falcon-query-assets.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-06.
- Collection of Queries
  Event Search Hunting Queries: https://github.com/CrowdStrike/falcon-query-assets/tree/main/Falcon-Event-Search/Threat-Hunting-Queries
- 2023-03-23 - Cool Query Friday - LogScale: The Basics Part I
  A large list of case statement transforms, for those interested, can be found on CrowdStrike's GitHub page here.
- Logscale Dashboards
  I've been working on some detection metric stuff. You can use these two dashboards.
- 2022-09-07 - Cool Query Friday - Fields of Dreams Project
What are some alternatives?
When comparing MISP-tools and falcon-query-assets you can also consider the following projects:
falconpy - The CrowdStrike Falcon SDK for Python
crowdstrike-falcon-queries - A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon
PyMISP - Python library using the MISP Rest API
csfalcon - crowdstrike tips & tricks 🦅 😶🌫️
threatbus - 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
FalconFriday - Hunting queries and detections
cses2humio - CrowdStrike Falcon Event Stream to Humio