evtx-hunter
EVTX-to-MITRE-Attack
Our great sponsors
| evtx-hunter | EVTX-to-MITRE-Attack | |
|---|---|---|
| 2 | 2 | |
| 137 | 476 | |
| 0.0% | - | |
| 0.0 | 3.7 | |
| over 2 years ago | about 2 months ago | |
| Python | ||
| GNU General Public License v3.0 only | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
evtx-hunter
EVTX-to-MITRE-Attack
-
Mapping MITRE ATT&CK with Window Event Log IDs
Direct GitHub link bc ads. Like I commented last time I saw this project, I think it's a good starting point, but an important note: These mappings are 1:1. You should not limit your correlations to 1:1, but rather one ATT&CK term to many event IDs. Each technique can often be mapped to many, many different event IDs. And analysis / alerting on these events needs to be context aware, looking at other events before and after. When we approached this problem (mapping ATT&CK to detection logic) we realized there was almost never a scenario where event IDs could map 1:1 with the ATT&CK Matrix.
Source Github Link no ads.
What are some alternatives?
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
SIGMA-detection-rules - Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
SysmonConfigPusher - Pushes Sysmon Configs
IntelOwl - IntelOwl: manage your Threat Intelligence at scale
EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
Watcher - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Microsoft-eventlog-mindmap - Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
python-evtx - Pure Python parser for Windows Event Log files (.evtx)
netsec-goggle - High signal information security sources Goggle.
intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.