Binary Edge
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
As organizations go through the Autonomic Security modernization journey, this repository serves as a community-driven list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. These may assist detection engineers, threat hunters and data governance analysts. CSA is a set of foundational security analytics designed to provide organizations with a rich baseline of pre-built queries and rules that they can readily use to start analyzing their Google Cloud logs, including Cloud Audit logs, VPC Flow logs, DNS logs, and more, using cloud-native or third-party analytics tools. The source code is provided as is, without warranty. See Copyright & License below.

The current release includes:
YARA-L rules for Google Security Operations
SQL queries for BigQuery
SQL queries for Log Analytics

The security use cases below are grouped in 6 categories depending on the underlying activity type and log sources:
🚦 Login & Access Patterns
🔑 IAM, Keys & Secrets Admin Activity
🏗️ Cloud Provisioning Activity
☁️ Cloud Workload Usage
💧 Data Usage
⚡ Network Activity

To learn more about the variety of Google Cloud log
Deception based detection techniques with MITRE ATT&CK mapping and Honey Resources.
Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Threat intelligence platform providing real-time threat data and insights.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.