Olaf Hartong's repositories
sysmon-modular
A repository of sysmon configuration modules
ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
sysmon-cheatsheet
All sysmon event types and their fields explained
ATTACKdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
MDE-AuditCheck
MDE relies on some of the Audit settings being enabled
DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
Presentations
My conference presentations
TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
BHCEupload
A small go tool to upload JSON files to the BloodHound community edition API
Sentinel-template-parser
Azure Sentinel Template parser
sysmon-modular-linux
A repository of Sysmon For Linux configuration modules
sysmon-parser
Automatically generated Sysmon parser for Azure Sentinel
attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
azure-rest-api-specs
The source for REST API specifications for Microsoft Azure.
BloodHound
Six Degrees of Domain Admin
go-azure-sdk
An opinionated Go SDK for Azure Resource Manager
go-keychain
Golang keychain package for iOS and macOS
LOLDrivers
Living Off The Land Drivers
prelude-archive
All open-source content for the Prelude Operator C2 platform
SplunkTools
A collection of scripts useful in management of Splunk deployment
terraform-provider-azurerm
Terraform provider for Azure Resource Manager
tim-data-investigate-platform
TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes collaboration through shared queries (pivots) and centralized tagged events.