Ali Alwashali's repositories
detection-validation
Detection rule validation
persistence_diff
Diff Defender Persistence Locations
forward-bash-history-to-syslog
Forward Bash History to Syslog Server
LogRhythmOne
Controle Multiple LogRhythm SIEMs Alert and Cases from a Single API
Microsoft-Defender-Alert-API-Integration
Microsoft Defender Alert API Integration
gRPC-Remote-Traffic-Capture
Remote trafffic caputre using GRPC and golang
Qradar-Offenses-Jupyter-Notebook
Analyze Qradar Offense Using Jupyter Notebook
Loki-Notebook
Loki Jupyter Notebook
Malware-Traffic-Analysis-Zeek-Dataset
Zeek logs of all malware-traffic-analysis.net PCAPs from 2013 to 08-2021
detection-rules
Rules for Elastic Security's detection engine
EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
elephant
Cache like elephant
gologrhythm
Go API Client for LogRhythm SIEM
Graph-API
Test Microsoft Graph API Endpoints
jekyll-now
Build a Jekyll blog in minutes, without touching the command line.
library
Collection of original report and metadata files that are used by ORKL
LogRhythm-Smart-Response-Webhook-Plugin
Sending alarm id to a webhook as a trigger to initiate a workflow
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
secure-golang-coding-workshop
Demo app to demonstrate security mechanism implementations
sigma
Generic Signature Format for SIEM Systems
sysmon-modular
A repository of sysmon configuration modules
Useful-IR-Commands
Useful Powershell commands I use during IR triage
velociraptor
Digging Deeper....