tuckner's repositories
bolt-docker
A container that runs Slack Bolt to receive message events and send to a webhook
automation-capability-matrix
A tool that allows you to document and assess any security automation in your SOC
webhook-plugin
A Chrome plugin which creates a context menu to send a page's URL and contents to a webhook
presentations
Resources and recordings for various presentations
tines-connect
ngrok container to use with Tines
detection-rules
Rules for Elastic Security's detection engine
awesome-detection-engineering
A list of useful Detection Engineering-related resources.
Sooty
The SOC Analyst's all-in-one CLI tool to automate and speed up workflow.
quickstart-snyk-security
AWS Quick Start Team
cuckoo-bot
Simple Slack bot to submit hashes to a Cuckoo Sandbox instance
tines-example-stories
A collection of Tines example stories as export files and Terraform.
atc-react
A knowledge base of actionable Incident Response techniques
tines-deploy-actions
An example of how to deploy Tines stories using Github Actions and Terraform
python-tines
Tines API Wrapper
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
EVTX-ATTACK-SAMPLES
Windows Events Samples
attack-navigator-layers
Collection of ATT&CK research with ATT&CK Navigator layers
sigma
Generic Signature Format for SIEM Systems
netwitness-urlscan
Context Menu for RSA NetWitness to search for a domain on urlscan.io
ansible-art
Action Plugin for Ansible as an execution framework for Atomic Red Team by Red Canary
vagrant-check-point
Vagrantfile for turning up Check Point firewall lab environments
ansible
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications: automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.