Community Security Analytics (CSA)
As organizations go through the Autonomic Security modernization journey, this repository serves as a community-driven list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. These may assist detection engineers, threat hunters and data governance analysts. CSA is a set of foundational security analytics designed to provide organizations with a rich baseline of pre-built queries and rules that they can readily use to start analyzing their Google Cloud logs including Cloud Audit logs, VPC Flow logs, DNS logs, and more using cloud-native or third-party analytics tools. The source code is provided as is, without warranty. See Copyright & License below. Current release include: YARA-L rules for Google Security Operations SQL queries for BigQuery SQL queries for Log Analytics The security use cases below are grouped in 6 categories depending on underlying activity type and log sources: 🚦 Login & Access Patterns 🔑 IAM, Keys & Secrets Admin Activity 🏗️ Cloud Provisoning Activity ☁️ Cloud Workload Usage 💧 Data Usage ⚡ Network Activity To learn more about the variety of Google Cloud log
FEATURES
ALTERNATIVES
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.
Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.
A collection of Yara rules licensed under the DRL 1.1 License.
A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.