|12 months ago||2 days ago|
|Jupyter Notebook||Jupyter Notebook|
|MIT License||MIT License|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Alert rules for Active Directory domain controllers hosted in Azure
2 projects | reddit.com/r/AZURE | 21 Dec 2022
Also see the Sentinel repository on GitHub for a ton of queries to reference: https://github.com/Azure/Azure-Sentinel
Converting syslog to CEF format for Sentinel ingestion
2 projects | reddit.com/r/networking | 3 Nov 2022
here you can find various other types: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers
Installed Graylog. 7 million log entries per month. Now what?
5 projects | reddit.com/r/sysadmin | 27 May 2022
Depending on whether this is up your alley either look for a MSSP/MDR/Managed BlaBla provider or head on to - https://github.com/splunk/security_content - https://www.elastic.co/guide/en/security/current/prebuilt-rules.html - https://github.com/mdecrevoisier/SIGMA-detection-rules - https://github.com/Azure/Azure-Sentinel to get an idea of what to look for. MITRE ATT&CK and the related DETT&CT should serve as an additional eye opener. Ah yes - forgot the bible on log management from Anton Chuvakin in the above list.
Any good threat hunting resources? Looking for query libraries.
2 projects | reddit.com/r/computerforensics | 8 Apr 2022
MSP SIEM Solution
2 projects | reddit.com/r/cybersecurity | 23 Feb 2022
Projects to look into: https://github.com/Azure/Azure-Sentinel https://github.com/Azure/Azure-Sentinel-Notebooks
What are some alternatives?
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
hid-examples - Examples to accompany the book "Haskell in Depth"
HELK - The Hunting ELK
Hunting-Queries-Detection-Rules - Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
CyberThreatHunting - A collection of resources for Threat Hunters - Sponsored by Falcon Guard
cybersecurity-resources - Resources for learning about cybersecurity and CTFs