Main Sigma Rule Repository
Translation - Generic Signature Format for SIEM Systems
Free and open log management
Translation - Free and open source log management
Red Team's SIEM - a tool for Red Teams that tracks and alerts on Blue Team activity, and improves usability in long-term operations.
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Translation - Elastic Stack (ELK) on Docker, with pre-configured security, tools, self-monitoring and a Prometheus metrics exporter.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
A collection of sources of documentation, as well as field best practices, to build/run a SOC
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
#Awesome#A collective list of public APIs for use in security. Contributions welcome
#Awesome#Awesome Security lists for SOC/CERT/CTI
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Transform Linux Audit logs for SIEM usage
Tenzir is the data pipeline engine for security teams.
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4