Olaf Hartong's repositories
sysmon-modular
A repository of sysmon configuration modules
ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
sysmon-cheatsheet
All sysmon event types and their fields explained
ATTACKdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
MDE-AuditCheck
MDE relies on some of the Audit settings being enabled
Presentations
My conference presentations
TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
Sentinel-template-parser
Azure Sentinel Template parser
sysmon-modular-linux
A repository of Sysmon For Linux configuration modules
sysmon-parser
Automatically generated Sysmon parser for Azure Sentinel
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
DetectionLab
Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
reternal-quickstart
Repo containing docker-compose files and setup scripts without having to clone the individual reternal components
azure-rest-api-specs
The source for REST API specifications for Microsoft Azure.
go-azure-sdk
An opinionated Go SDK for Azure Resource Manager
LOLDrivers
Living Off The Land Drivers
SplunkTools
A collection of scripts useful in management of Splunk deployment
terraform-provider-azurerm
Terraform provider for Azure Resource Manager