IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics (Go, updated Jul 14, 2024)
Awesome list of keywords and artifacts for Threat Hunting sessions
A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format.
Sigma detection rules for hunting with the threathunting-keywords project
A command line tool that converts Sigma Rules into STIX 2.1 Objects.
This repository contains security detection rules I've created, using the flexible and open Sigma standard, designed to enhance consistency and efficiency in security operations across various log files.
A new network detection format (Sigma-like, but for network traffic)
Web app that allows you to browse and explore the Sigma rules supported by uberAgent ESA's Threat Detection Engine.
uberAgent backend for the Sigma rule converter.
Python tool for analyzing Windows event logs using Sigma rules for threat detection
SysFlow edge processing pipeline
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Convert Sigma Rules to different formats
An Autopsy data source ingest module for detection of IOCs in EVTX for Windows and Auditd for Linux based on SIGMA Rules.
Framework definitions that allow building a custom SIEM.
Analyzes tags of Sigma, Yara and CSIEM rules
Threat Detection Repository - YARA / SIGMA rules