Michel de CREVOISIER's repositories
Microsoft-eventlog-mindmap
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
EVTX-to-MITRE-Attack
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
SIGMA-detection-rules
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
Splunk-input-windows-baseline
Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE Att&CK
Windows-auditing-baseline
Provides an advanced baseline to implement a secure Windows auditing strategy on Windows OS.
Windows-WEC-server_auto-deploy
PowerShell scripts for fast Windows Event Collector configuration with Palantir toolset
Windows-authentication-brutforce-cheatsheet
Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.
awesome-event-ids
Collection of Event ID ressources useful for Digital Forensics and Incident Response
windows-itpro-docs
This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.
sysmon-config
Sysmon configuration file template with default high-quality event tracing