PowerShell module for Azure Sentinel
Analyze Zeek IDS data with ksqlDB running on Confluent Platform via Docker on your laptop. Or spin up an arbitrary number of AWS hosts, each running Confluent Platform and ksqlDB for use in an instructor-led workshop.
A dockerized demo for illustrating how Confluent can be used in a SIEM Modernization use case.
Cyber Threat Intelligence Repository expressed in STIX 2.0
DLL Hijacking Detection Tool
A tool that can be used to close network connections automatically based on given parameters
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
An integration for Graylog and Okta
Package to help around crowdstrike/fdr data
Repo for project GoAhead talk at ShmooCon 2022
Elastic Beat for fetching and shipping Office 365 audit events
ProcessBouncer is a PoC for blocking malware with a process-based approach. With a little fine-tuning, this allows it to effectively block most of the ransomware currently out there.
PowerShell module for SentinelOne API
MITRE ATT&CK mapped queries for SentinelOne Deep Visibility
Repository of SentinelOne Deep Visibility queries.
Generic Signature Format for SIEM Systems
Demonstrates the use of Jenkins and Terraform to manage Infrastructure as Code using GitOps practices