WELA
SIEM
WELA | SIEM | |
---|---|---|
3 | 1 | |
678 | 513 | |
4.0% | - | |
0.0 | 6.3 | |
about 1 year ago | 4 days ago | |
PowerShell | ||
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
WELA
SIEM
-
Best practices for SIEM?
This is a good start IMO
What are some alternatives?
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
hunt-searchengine
teler - Real-time HTTP Intrusion Detection
threathunting-spl - Splunk code (SPL) for serious threat hunters and detection engineers.
WindowsDFIR - Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.
timesketch - Collaborative forensic timeline analysis
Threat_Model_Examples - Collection of Threat Models
PoShLog - :nut_and_bolt: PoShLog is PowerShell cross-platform logging module. It allows you to log structured event data into console, file and much more places easily. It's built upon great C# logging library Serilog - https://serilog.net/
slides-talks - My own cybersecurity research talks/slides
chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
WinLoginAudit - Send realtime Windows Login Audit trail to Telegram messenger