├── .gitignore
├── Detect.ods
├── Detection-Methods.md
├── Detection-Tactics.md
├── Documentation-Templates
│   ├── After-Action-Review.md
│   ├── Audit-and-Availability-Plan.md
│   ├── Configuration-Management-Plan.md
│   ├── Continous-Monitoring-SOP.md
│   ├── Incident-Response-Plan.md
│   ├── Incident-Response-Policy.md
│   ├── Incident-Response-Tracker-Template.xlsx
│   └── System-and-Information-Integrity-Policy.md
├── LICENSE
├── Lab
│   ├── WindowsVictim.md
│   ├── detection_validation.md
│   ├── helk.md
│   ├── pfSense.md
│   └── sysmonlabconfig.xml
├── Logging-Windows.md
├── Logging.md
├── Lookups
│   ├── o365-principalappid.csv
│   ├── windows-logon-type.csv
│   └── windows-status-code.csv
├── Matrix
│   ├── Detection-and-Compliance-Matrix.md
│   ├── Playbook-Structure.md
│   └── Signature-Structure.md
├── Metrics.md
├── News
│   └── OT-ICS.md
├── Notable-Event-IDs.md
├── Orientation
│   └── crown-jewels.md
├── Playbook-Samples.md
├── Playbooks
│   ├── Detect-Password-Spraying-via-Windows-Events.md
│   ├── Layer3-Firewall.md
│   └── Layer7-Firewall.md
├── README.md
├── Risk-Based-Alerting
│   ├── Overview.md
│   └── Risk-Rules.md
├── Signatures
│   └── Splunk
│       ├── cisco-ios.md
│       ├── panorama-src_ip-unknown-dest_ip-spike.md
│       ├── panorama-suspicious-dest_port.md
│       ├── panorama-system-port-flapping.md
│       ├── panorama-threat-detected.md
│       ├── panorama-unkown-app-protocol.md
│       ├── panorama.md
│       ├── sourcetype-outage-dynamic.md
│       └── splunk-general.md
├── Splunk
│   └── apps
│       └── Splunk_TA_paloalto
│           └── local
│               └── props.conf
├── Tactics
│   ├── API-Usage.md
│   ├── Account-Creation.md
│   ├── Account-Logon.md
│   ├── Account-Modification.md
│   ├── Application-Log.md
│   ├── Commandline-Activity.md
│   ├── Configuration-Change.md
│   ├── DNS-Request.md
│   ├── Email-Traffic.md
│   ├── File-Access.md
│   ├── File-Content.md
│   ├── File-Creation.md
│   ├── File-Deletion.md
│   ├── File-Modification.md
│   ├── File-Rename.md
│   ├── Group-Access.md
│   ├── Group-Creation.md
│   ├── Group-Deletion.md
│   ├── Group-Modifcation.md
│   ├── Group-Rename.md
│   ├── Instance-Creation.md
│   ├── Instance-Deletion.md
│   ├── Instance-Modification.md
│   ├── Instance-Start.md
│   ├── Instance-Stop.md
│   ├── Log-Clearing.md
│   ├── Module-Load.md
│   ├── NGAV-Alarms.md
│   ├── Network-Activity-by-Flow.md
│   ├── Network-Activity-by-IP.md
│   ├── Network-Activity-by-Process.md
│   ├── Network-Full-Packet-Capture.md
│   ├── Performance-Metrics.md
│   ├── Process-Access.md
│   ├── Process-Execution.md
│   ├── Registry-Creation.md
│   ├── Registry-Modification.md
│   ├── Resource-Consumption.md
│   ├── Scheduled-Task-Creation.md
│   ├── Service-Creation.md
│   ├── Service-Modification.md
│   ├── Web-Request.md
│   └── Web-Server.md
├── Threat-Hunting.md
├── attack-tools-resources.md
├── dashboards.md
├── field-kit.md
├── hardening
│   ├── dns-security.md
│   ├── email-security.md
│   ├── general-security.md
│   ├── microsoft-365-auditing-and-reporting.md
│   ├── microsoft-365-azure-ad.md
│   ├── microsoft-365-exchange.md
│   ├── microsoft-365-sharepoint-and-onedrive.md
│   ├── microsoft-365-teams.md
│   ├── microsoft-active-directory.md
│   ├── microsoft-windows-dns.md
│   ├── microsoft-windows.md
│   ├── network.md
│   ├── remote-access.md
│   ├── software-manufacturers.md
│   └── web-security.md
├── interview-questions.md
├── mitigation-categories.md
├── osintel.md
├── response-tools-resources.md
├── sigma
│   ├── adoption.md
│   ├── filters
│   │   ├── test_filter1.yml
│   │   └── test_filter2.yml
│   ├── output
│   │   └── savedsearches.conf
│   ├── pipelines
│   │   ├── cloudtrail.yml
│   │   ├── linux_builtin.yml
│   │   ├── webserver_generic.yml
│   │   ├── windows.yml
│   │   ├── windows_sysmon.yml
│   │   └── windows_xml.yml
│   └── sigma-splunk-library.md
└── technical-documentation.md

/.gitignore:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/.gitignore

/Detect.ods:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Detect.ods

/Detection-Methods.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Detection-Methods.md

/Detection-Tactics.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Detection-Tactics.md

/Documentation-Templates/After-Action-Review.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Documentation-Templates/After-Action-Review.md

/Documentation-Templates/Audit-and-Availability-Plan.md:
...

/Documentation-Templates/Configuration-Management-Plan.md:
...

/Documentation-Templates/Continous-Monitoring-SOP.md:
...

/Documentation-Templates/Incident-Response-Plan.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Documentation-Templates/Incident-Response-Plan.md

/Documentation-Templates/Incident-Response-Policy.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Documentation-Templates/Incident-Response-Policy.md

/Documentation-Templates/Incident-Response-Tracker-Template.xlsx:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Documentation-Templates/Incident-Response-Tracker-Template.xlsx

/Documentation-Templates/System-and-Information-Integrity-Policy.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Documentation-Templates/System-and-Information-Integrity-Policy.md

/LICENSE:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/LICENSE

/Lab/WindowsVictim.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lab/WindowsVictim.md

/Lab/detection_validation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lab/detection_validation.md

/Lab/helk.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lab/helk.md

/Lab/pfSense.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lab/pfSense.md

/Lab/sysmonlabconfig.xml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lab/sysmonlabconfig.xml

/Logging-Windows.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Logging-Windows.md

/Logging.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Logging.md

/Lookups/o365-principalappid.csv:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lookups/o365-principalappid.csv

/Lookups/windows-logon-type.csv:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lookups/windows-logon-type.csv

/Lookups/windows-status-code.csv:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Lookups/windows-status-code.csv

/Matrix/Detection-and-Compliance-Matrix.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Matrix/Detection-and-Compliance-Matrix.md

/Matrix/Playbook-Structure.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Matrix/Playbook-Structure.md

/Matrix/Signature-Structure.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Matrix/Signature-Structure.md

/Metrics.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Metrics.md

/News/OT-ICS.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/News/OT-ICS.md

/Notable-Event-IDs.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Notable-Event-IDs.md

/Orientation/crown-jewels.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Orientation/crown-jewels.md

/Playbook-Samples.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Playbook-Samples.md

/Playbooks/Detect-Password-Spraying-via-Windows-Events.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Playbooks/Detect-Password-Spraying-via-Windows-Events.md

/Playbooks/Layer3-Firewall.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Playbooks/Layer3-Firewall.md

/Playbooks/Layer7-Firewall.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Playbooks/Layer7-Firewall.md

/README.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/README.md

/Risk-Based-Alerting/Overview.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Risk-Based-Alerting/Overview.md

/Risk-Based-Alerting/Risk-Rules.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Risk-Based-Alerting/Risk-Rules.md

/Signatures/Splunk/cisco-ios.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/cisco-ios.md

/Signatures/Splunk/panorama-src_ip-unknown-dest_ip-spike.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama-src_ip-unknown-dest_ip-spike.md

/Signatures/Splunk/panorama-suspicious-dest_port.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama-suspicious-dest_port.md

/Signatures/Splunk/panorama-system-port-flapping.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama-system-port-flapping.md

/Signatures/Splunk/panorama-threat-detected.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama-threat-detected.md

/Signatures/Splunk/panorama-unkown-app-protocol.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama-unkown-app-protocol.md

/Signatures/Splunk/panorama.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/panorama.md

/Signatures/Splunk/sourcetype-outage-dynamic.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/sourcetype-outage-dynamic.md

/Signatures/Splunk/splunk-general.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Signatures/Splunk/splunk-general.md

/Splunk/apps/Splunk_TA_paloalto/local/props.conf:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Splunk/apps/Splunk_TA_paloalto/local/props.conf

/Tactics/API-Usage.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/API-Usage.md

/Tactics/Account-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Account-Creation.md

/Tactics/Account-Logon.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Account-Logon.md

/Tactics/Account-Modification.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Account-Modification.md

/Tactics/Application-Log.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Application-Log.md

/Tactics/Commandline-Activity.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Commandline-Activity.md

/Tactics/Configuration-Change.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Configuration-Change.md

/Tactics/DNS-Request.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/DNS-Request.md

/Tactics/Email-Traffic.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Email-Traffic.md

/Tactics/File-Access.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Access.md

/Tactics/File-Content.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Content.md

/Tactics/File-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Creation.md

/Tactics/File-Deletion.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Deletion.md

/Tactics/File-Modification.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Modification.md

/Tactics/File-Rename.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/File-Rename.md

/Tactics/Group-Access.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Group-Access.md

/Tactics/Group-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Group-Creation.md

/Tactics/Group-Deletion.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Group-Deletion.md

/Tactics/Group-Modifcation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Group-Modifcation.md

/Tactics/Group-Rename.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Group-Rename.md

/Tactics/Instance-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Instance-Creation.md

/Tactics/Instance-Deletion.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Instance-Deletion.md

/Tactics/Instance-Modification.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Instance-Modification.md

/Tactics/Instance-Start.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Instance-Start.md

/Tactics/Instance-Stop.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Instance-Stop.md

/Tactics/Log-Clearing.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Log-Clearing.md

/Tactics/Module-Load.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Module-Load.md

/Tactics/NGAV-Alarms.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/NGAV-Alarms.md

/Tactics/Network-Activity-by-Flow.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Network-Activity-by-Flow.md

/Tactics/Network-Activity-by-IP.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Network-Activity-by-IP.md

/Tactics/Network-Activity-by-Process.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Network-Activity-by-Process.md

/Tactics/Network-Full-Packet-Capture.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Network-Full-Packet-Capture.md

/Tactics/Performance-Metrics.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Performance-Metrics.md

/Tactics/Process-Access.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Process-Access.md

/Tactics/Process-Execution.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Process-Execution.md

/Tactics/Registry-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Registry-Creation.md

/Tactics/Registry-Modification.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Registry-Modification.md

/Tactics/Resource-Consumption.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Resource-Consumption.md

/Tactics/Scheduled-Task-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Scheduled-Task-Creation.md

/Tactics/Service-Creation.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Service-Creation.md

/Tactics/Service-Modification.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Service-Modification.md

/Tactics/Web-Request.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Web-Request.md

/Tactics/Web-Server.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Tactics/Web-Server.md

/Threat-Hunting.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/Threat-Hunting.md

/attack-tools-resources.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/attack-tools-resources.md

/dashboards.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/dashboards.md

/field-kit.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/field-kit.md

/hardening/dns-security.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/dns-security.md

/hardening/email-security.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/email-security.md

/hardening/general-security.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/general-security.md

/hardening/microsoft-365-auditing-and-reporting.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-365-auditing-and-reporting.md

/hardening/microsoft-365-azure-ad.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-365-azure-ad.md

/hardening/microsoft-365-exchange.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-365-exchange.md

/hardening/microsoft-365-sharepoint-and-onedrive.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-365-sharepoint-and-onedrive.md

/hardening/microsoft-365-teams.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-365-teams.md

/hardening/microsoft-active-directory.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-active-directory.md

/hardening/microsoft-windows-dns.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-windows-dns.md

/hardening/microsoft-windows.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/microsoft-windows.md

/hardening/network.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/network.md

/hardening/remote-access.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/remote-access.md

/hardening/software-manufacturers.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/software-manufacturers.md

/hardening/web-security.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/hardening/web-security.md

/interview-questions.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/interview-questions.md

/mitigation-categories.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/mitigation-categories.md

/osintel.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/osintel.md

/response-tools-resources.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/response-tools-resources.md

/sigma/adoption.md:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/adoption.md

/sigma/filters/test_filter1.yml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/filters/test_filter1.yml

/sigma/filters/test_filter2.yml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/filters/test_filter2.yml

/sigma/output/savedsearches.conf:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/output/savedsearches.conf

/sigma/pipelines/cloudtrail.yml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/cloudtrail.yml

/sigma/pipelines/linux_builtin.yml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/linux_builtin.yml

/sigma/pipelines/webserver_generic.yml:
https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/webserver_generic.yml
-------------------------------------------------------------------------------- /sigma/pipelines/windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/windows.yml -------------------------------------------------------------------------------- /sigma/pipelines/windows_sysmon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/windows_sysmon.yml -------------------------------------------------------------------------------- /sigma/pipelines/windows_xml.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/pipelines/windows_xml.yml -------------------------------------------------------------------------------- /sigma/sigma-splunk-library.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/sigma/sigma-splunk-library.md -------------------------------------------------------------------------------- /technical-documentation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TonyPhipps/SIEM/HEAD/technical-documentation.md --------------------------------------------------------------------------------