weslambert

securityonion-misp

misp2elastalert

Convert MISP events to Elastalert rules

velociraptor-misp

Artifacts for integrating MISP with Velociraptor

securityonion-otx

BlueCloud

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Cortex-Analyzers

Cortex Analyzers Repository

APTSimulator

A toolset to make a system look as if it was the victim of an APT attack

LinuxCatScale

Incident Response collection and processing scripts with automated reporting scripts

presentations

securityonion-cloud

timesketch

Collaborative forensic timeline analysis

velociraptor-ecs

ECS Mappings for Velociraptor Artifacts

beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash

CortexDocs

Documentation of Cortex

CyberChef-server

A server providing RESTful access to CyberChef

elastalert

Easy & Flexible Alerting With ElasticSearch

JNDIExploit

A malicious LDAP server for JNDI injection attacks

misc

mordor

Re-play Adversarial Techniques

py-idstools

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

securityonion-cloud-1

securityonion-docs

securityonion-elastic

Security Onion Elastic Stack

securityonion-elastic-misc

Misc scripts for Security Onion + Elastic Stack

securityonion-saltstack

sigma

Generic Signature Format for SIEM Systems

strelka

Real-time, container-based file scanning at enterprise scale

TheHiveDocs

Documentation of TheHive

unfurl

Extract and Visualize Data from URLs using Unfurl

workshops