ionstorm's repositories
sentinel-attack
Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
EDR-Testing-Script
Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script that executes various ATT&CK/LOLBAS/Invoke-CradleCrafter payloads
Threat-Intel-Automation
Threat Intel Automation using Graylog and Critical-Stack-Intel
Panache_Sysmon
Just another sysmon config
PowerShell-2
Collection of PowerShell Scripts
SmartThingsPublic
SmartThings open-source DeviceTypeHandlers and SmartApps code
AnchorWatch
A Rogue Device Detection Script with Email Alerts Functionality for Windows Subsystem
ansible-graylog-modules
Ansible modules for the Graylog API
AZSentinel
PowerShell module for Azure Sentinel
elastalert_hive_alerter
This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.
fpm-recipes
Graylog package build recipes
graylog-plugin-alert-wizard
Alert Wizard plugin for Graylog to manage the alert rules
graylog-plugin-logging-alert
Alert notification plugin for Graylog to generate log messages from alerts
graylog2thehive
Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases.
influx_snmp
SNMP Data Collection and Analytics with the TICK Stack (Telegraf, InfluxDB, Chronograf and Kapacitor)
Injection-McAfeeIDSAlerts-Graylog
Converts raw McAfee IDS alerts to Common Event Format (CEF) compliant messages and injects them into Graylog
kirbogd-PHDays9
Presentation, queries and sample data from my talk at Positive Hack Days 2019
lme
Logging Made Easy
powershell-3
Miscellaneous PowerShell scripts
ProcessReimaging
Process reimaging proof of concept code
TA-windnsanalytical
Based on Jake Walter's Windows DNS Analytical Log App (https://splunkbase.splunk.com/app/2937/)
velociraptor
Velociraptor hunts for evil...