maxvarm

linux-siem-audit-configs

Auditd, OSquery, and Falco low-volume process and filesystem auditing configs built for SIEM ingestion

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

ebpf-docker-lsm

Monitor and block specified processes and network connections with this docker-aware KRSI (BPF+LSM) security tool

falco-attack-navigator

memfd-process-hide

Hide process execution from auditd or dynamically load remote binaries using memfd+fexecve syscalls

thm-writeup-apiwizardsbreach

windows-siem-checklist