EVTX-to-MITRE-Attack
Log indicators
Provides Windows log event indicators mapped to MITRE ATT&CK tactic and techniques
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
527 stars
26 watching
87 forks
last commit: 3 months ago
Linked from 1 awesome list
evtxmitre-attackredteamsiemthreat-hunting
stuhli/awesome-event-idsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 mitre/advmlthreatmatrix | A framework to help security analysts understand and prepare for adversarial machine learning attacks on AI systems | 1,050 |
| mitre/cti | A repository providing threat intelligence data in STIX format for security analysis and automation | 1,749 |
 sbousseaden/evtx-attack-samples | A repository of Windows Event log samples associated with various attack and post-exploitation techniques. | 2,252 |
| mdecrevoisier/splunk-input-windows-baseline | Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis. | 81 |
| mdecrevoisier/microsoft-eventlog-mindmap | Provides detailed mindmaps on Microsoft auditing capacities and event logs for security and monitoring | 1,044 |
 mtnmunuklu/alterix | Converts detection rules and IOCs to be usable with a proprietary SIEM product | 15 |
 yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
 misp/misp-maltego | An integration tool for Maltego to leverage MISP threat intelligence and the MITRE ATT&CK dataset | 170 |
 nshalabi/attack-tools | Utilities for simulating adversary behavior in the context of threat intelligence and security analysis | 1,012 |
 vernamlab/medusa | Automated attack synthesis tool for discovering vulnerabilities in CPU architecture and cryptographic protocols | 18 |
 ericzimmerman/evtx | Tool to parse Event Viewer logs and extract useful information | 282 |
| mitre/brawl-public-game-001 | Automates testing of cybersecurity detection and response capabilities in a controlled network environment | 202 |
 cybersecurityup/mitre-attack-matrix | A comprehensive resource for understanding and visualizing the relationships between different types of cyber attacks and their tactics, techniques, and procedures. | 18 |
 yamato-security/hayabusa-sample-evtx | A collection of sample event log files used for testing and development of threat detection rules | 44 |
 redcanaryco/atomic-red-team | A portable set of tests mapped to the MITRE ATT&CK framework for evaluating security environments. | 9,811 |