Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

SIEM Tactics, Techiques, and Procedures

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Microsoft Sentinel SOC Operations

Encyclopedia for Executables

Tools to create a Native Windows Audit Collection Platform. Active Directory example provided

LogRhythm PowerShell Toolkit

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Ingest Nessus files into Elasticsearch using PowerShell!

Vulnerability detection, OSquery, fully-fledged Wazuh ELK stack with Linux and Windows Wazuh + osquery enrollment via Ansible.

Powershell script to query IBM Qradar SIEM and to generate KPI

A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot attacks on a live map.

Build a fast, free, and effective Threat Hunting/Incident Response Log with Windows Event Forwarding

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

Scripts for Splunk Alerts

A PowerShell module interface for working with the Securonix Web API

Ingest Nessus files into Elasticsearch using PowerShell!