ionstorm's repositories
sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic-artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
sysmon-edr
Sysmon EDR proof of concept built in PowerShell to prove the capability.
exploitguard
Documentation and supporting script sample for Windows Exploit Guard
SysmonCommon
The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.
ace-proctree
Create a cool process tree like https://twitter.com/ACEResponder.
ConfluentCyberDemo
Analyze Zeek IDS data with ksqlDB running on Confluent Platform via Docker on your laptop. Or spin up an arbitrary number of AWS hosts, each running Confluent Platform and ksqlDB for use in an instructor-led workshop.
falcon-query-assets
Welcome to the Falcon Query Assets GitHub page.
Graylog-Okta
An integration for Graylog and Okta
humio-fdr-utils
Package to help around crowdstrike/fdr data
k8s-go-sigma-streamer
Repo for project GoAhead talk at ShmooCon 2022
ksql-extras
UDF/UDAFs for KSQL and example Queries.
ProcessBouncer
ProcessBouncer is a PoC for blocking malware with a process-based approach. With a little fine-tuning it can effectively block most current ransomware.
PS-SentinelOne
PowerShell module for SentinelOne API
SentinelOne-ATTACK-Queries
MITRE ATT&CK mapped queries for SentinelOne Deep Visibility
sentinelone-queries
Repository of SentinelOne Deep Visibility queries.
solutions-terraform-jenkins-gitops
Demonstrates the use of Jenkins and Terraform to manage Infrastructure as Code using GitOps practices