A repository of sysmon configuration modules (Updated May 4, 2024 - PowerShell)
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Microsoft Sentinel SOC Operations
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Gather Open-Source Intelligence using PowerShell.
Purple team simulation and detection scripts that trigger events for SOC detections
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
PowerShell script to help speed up threat hunting and incident response processes
Incident response scripts
PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting