Detection Rules
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
Dataplane.org is a nonprofit organization that provides free data, tools, and analysis to increase awareness of trends, anomalies, threats, and misconfigurations on the Internet. It operates a distributed network of over 300 nodes across 65 metropolitan areas on 6 continents, offering unparalleled insight into anomalies and risks. The organization provides signals, analysis, and statistics to help Internet engineers, analysts, incident responders, and supporting organizations make the Internet more robust and secure.
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers, and by identifying JA3 fingerprints to detect and block malware botnet C&C communication.
A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.