in/joaocezarino
An ELK environment containing interesting security datasets.
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…
A framework for developing alerting and detection strategies for incident response.
Detect Tactics, Techniques & Combat Threats
Dettectinator - The Python library to your DeTT&CT YAML files.
PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules and undertake various security tasks, all accessible …
Automate the creation of a lab environment complete with security tooling and logging best practices
QRadar Offense Ticketing Integration with ServiceNow Incident Management
Python Script - GET open offenses (with time offset) from QRadar & POST them to ServiceNOW EM
Download a list of suspected malicious IPs and Domains. Create a QRadar Reference Set. Search Your Environment For Malicious IPs
Python scripts for QRadar
MISP IOCs integration to QRadar SIEM reference sets. This is @syloktools' scripts, which I split into dedicated scripts for downloading hashes, URLs, domains, and IPs to fulfil my needs.
QRadar: IOCs Detection Script is a Python script to help you search for IOCs in your environment through QRadar's logs using its API
This script helps analyze the rules in QRadar and identify those tests that can cause performance problems.
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
A repository for using windows event forwarding for incident detection and response
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily…
Powershell script to query IBM Qradar SIEM and to generate KPI
USOM cyber intelligence integration with Qradar
Provide a ready-built dataset of matched Sigma-AQL rule files, generated using rules provided in SigmaHQ/sigma and the field-level PySigma IBM QRadar AQL backend.
Mainly an excuse to learn about web scraping with Selenium, webhooks and Python.
Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
Security Scripts and Sources for daily usage.
Domain Response is a tool that is designed to help you automate the investigation of a domain. This tool is specifically designed to automate phishing domain investigations. However it can be used …
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Simple webapp for converting Sigma rules into SIEM queries using the pySigma library