Community Security Analytics (CSA) Logo

Community Security Analytics (CSA)

0
Free
Visit Website

As organizations go through the Autonomic Security modernization journey, this repository serves as a community-driven list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. These may assist detection engineers, threat hunters and data governance analysts. CSA is a set of foundational security analytics designed to provide organizations with a rich baseline of pre-built queries and rules that they can readily use to start analyzing their Google Cloud logs including Cloud Audit logs, VPC Flow logs, DNS logs, and more using cloud-native or third-party analytics tools. The source code is provided as is, without warranty. See Copyright & License below. Current release include: YARA-L rules for Google Security Operations SQL queries for BigQuery SQL queries for Log Analytics The security use cases below are grouped in 6 categories depending on underlying activity type and log sources: 🚦 Login & Access Patterns 🔑 IAM, Keys & Secrets Admin Activity 🏗️ Cloud Provisoning Activity ☁️ Cloud Workload Usage 💧 Data Usage ⚡ Network Activity To learn more about the variety of Google Cloud log

FEATURES

ALTERNATIVES

A platform providing an activity feed on exploited vulnerabilities.

A framework for managing cyber threat intelligence in structured formats.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.

A tool for extracting IOCs from various input sources and converting them into JSON format.

Open Source Threat Intelligence Gathering and Processing Framework

Repository containing MITRE ATT&CK and CAPEC datasets in STIX 2.0 for cybersecurity threat modeling.

Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.