Microsoft-365-Defender-Hunting-Queries
DISCONTINUED
HELK
Our great sponsors
| Microsoft-365-Defender-Hunting-Queries | HELK | |
|---|---|---|
| 14 | 8 | |
| 1,408 | 3,362 | |
| - | - | |
| 9.0 | 0.0 | |
| 12 months ago | over 1 year ago | |
| Jupyter Notebook | Jupyter Notebook | |
| MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Microsoft-365-Defender-Hunting-Queries
HELK
-
Home Virtual SIEM Lab Suggestions?
HELK + Mordor combo https://github.com/Cyb3rWard0g/HELK
- Threat hunting Playbooks
-
SOC with machine learning
On a side note - I somehow have the feeling that you are trying to recreate https://github.com/Cyb3rWard0g/HELK
-
Elastic for security
You can find tools that leverage ELK that aren't necessarily plugins. SIEM looks like it has some free component to it, too: https://github.com/Cyb3rWard0g/HELK https://www.elastic.co/blog/elastic-siem-free-open
-
Home lab with security monitoring tools?
HELK can help for the SIEM and detection part
What are some alternatives?
pfelk - pfSense/OPNsense + Elastic Stack
docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
praeco - Elasticsearch alerting made simple.
go-stash - go-stash is a high performance, free and open source server-side data processing pipeline that ingests data from Kafka, processes it, and then sends it to ElasticSearch.
sigma - Main Rule Repository
Hunting-Queries-Detection-Rules - Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.