neslog's repositories
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
bro-osquery
Bro integration with osquery
bro-packages
Listing of Bro Packages
bro-sysmon
How to Zeek Sysmon Logs!
bro_scripts
Various Bro scripts
BroSysmon-Vagrant
Vagrant file to create Win32 VM for Bro-Sysmon Environment.
intel_feeds
Gathering list of intel feeds to use
malwoverview
Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.
misc-Hyara
Yara rule making tool (IDA Plugin)
puppet_bro
Puppet module for installing bro.
puppet_examples
Samples of Puppet manifests
spicy-noise
A Spicy protocol analyzer for WireGuard
suricata-rpms
Suricata RPMs for CentOS/EL
the-endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
vaw_decode
vawtrak traffic decoder
zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
zeek-plugin-noise
Spicy-Noise implementation in Binpac.