ionstorm's repositories
exploitguard
Documentation and supporting script sample for Windows Exploit Guard
sentinel-attack
Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
Panache_Sysmon
Just another sysmon config
AZSentinel
PowerShell module for Azure Sentinel
ConfluentCyberDemo
Analyze Zeek IDS data with ksqlDB running on Confluent Platform via Docker on your laptop. Or spin up an arbitrary number of AWS hosts, each running Confluent Platform and ksqlDB for use in an instructor-led workshop.
cp-siem
A dockerized demo for illustrating how Confluent can be used in a SIEM Modernization use case.
cti
Cyber Threat Intelligence Repository expressed in STIX 2.0
DLLSpy
DLL Hijacking Detection Tool
DropNet
A tool that can be used to close network connections automatically with given parameters
grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Graylog-Okta
An integration for Graylog and Okta
humio-fdr-utils
Package to help around crowdstrike/fdr data
k8s-go-sigma-streamer
Repo for project GoAhead talk at ShmooCon 2022
o365beat
Elastic Beat for fetching and shipping Office 365 audit events
ProcessBouncer
ProcessBouncer is a PoC for blocking malware with a process-based approach. With a little fine-tuning this allows you to effectively block most of the ransomware that is currently out there.
PS-SentinelOne
PowerShell module for SentinelOne API
SentinelOne-ATTACK-Queries
MITRE ATT&CK mapped queries for SentinelOne Deep Visibility
sentinelone-queries
Repository of SentinelOne Deep Visibility queries.
sigma
Generic Signature Format for SIEM Systems
solutions-terraform-jenkins-gitops
Demonstrates the use of Jenkins and Terraform to manage Infrastructure as Code using GitOps practices