diff --git a/README.html b/README.html
index fb7b63e..3e3816f 100644
--- a/README.html
+++ b/README.html
@@ -38,8 +38,8 @@
๐ฉโ๐ Trainings
๐ฉโ๐ป Labs
๐ค Twitter
-Threat Simulation
-- ๐ช Tools
+- Threat Simulation
- Contribute
- License
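Review bot: dropping the "Tools" entry from this table of contents leaves the Tools section itself unaccounted for in this hunk; later hunks still show tool entries (MITRE ATT&CK Navigator, HELK, DetectionLab) being edited in place, so either the section heading was also removed or renamed elsewhere and should be visible in the patch, or the TOC link should be kept and only "Threat Simulation" moved into the list. Separately, the emoji in the unchanged context lines ("๐ฉโ๐", "๐ค") are rendering as mojibake, which suggests the file is not being read or written as UTF-8; worth confirming the encoding of README.html is intact before merging, since the same characters presumably appear in the rendered page.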
@@ -48,11 +48,7 @@
- MITRE ATT&CK Navigator (source code) - The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel.
- HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
-- osquery-configuration - A repository for using osquery for incident detection and response.
- DetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices.
-- Sysmon-DFIR - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
-- sysmon-config - Sysmon configuration file template with default high-quality event tracing.
-- sysmon-modular - A repository of sysmon configuration modules. It also includes a mapping of Sysmon configurations to MITRE ATT&CK techniques.
- Revoke-Obfuscation - PowerShell Obfuscation Detection Framework.
- Invoke-ATTACKAPI - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API.
- Unfetter - A reference implementation provides a framework for collecting events (process creation, network connections, Window Event Logs, etc.) from a client machine and performing CAR analytics to detect potential adversary activity.
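Review bot: the four removed entries (osquery-configuration, Sysmon-DFIR, sysmon-config, sysmon-modular) reappear under a new "Configuration" section later in this patch, but the first one comes back as "sysmon-DFIR" with different capitalisation; since this is a rendered HTML diff the hrefs are not shown, so please confirm the links moved with the entries unchanged and pick one spelling of the name for the moved entry so the rename does not look accidental.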
@@ -86,6 +82,7 @@
- SOC-Multitool: A powerful and user-friendly browser extension that streamlines investigations for security professionals.
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark.
- ProcMon for Linux
+- Synthetic Adversarial Log Objects (SALO) - A framework for the generation of log events without the need for infrastructure or actions to initiate the event that causes a log event.
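Review bot: the new SALO entry uses " - " between the name and the description, while the neighbouring entries in this list (SOC-Multitool, Zeek Analysis Tools) use ":" as the separator; match the local convention. The description is also circular ("generation of log events ... the event that causes a log event") and could be tightened to something like "A framework for generating synthetic log events without deploying the infrastructure or performing the actions that would normally produce them."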
@@ -107,6 +104,14 @@
- OSSEC - An open-source Host-based Intrusion Detection System (HIDS)
- WAZUH - An open-source security platform
+Configuration
+
+- sysmon-DFIR - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
+- sysmon-config - Sysmon configuration file template with default high-quality event tracing.
+- sysmon-modular - A repository of sysmon configuration modules. It also includes a mapping of Sysmon configurations to MITRE ATT&CK techniques.
+- auditd configuration
+- osquery-configuration - A repository for using osquery for incident detection and response.
+
Network Monitoring
- Zeek (formerly Bro) - A network security monitoring tool
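Review bot: "auditd configuration" is the only entry in the new Configuration section with no description, unlike its four siblings; add a one-line description (and the link target, which the rendered diff does not show) so the list stays consistent. Two layout nits in the same hunk: there is no blank line between the "WAZUH" entry and the new "Configuration" heading, but there is one after the list before "Network Monitoring", so the spacing around the new section is asymmetric; and "sysmon-DFIR" here is lower-case while the entry removed above was "Sysmon-DFIR".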
@@ -138,6 +143,8 @@
- Elastic Detection Rules
- MITRE CAR - The Cyber Analytics Repository is a knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CKโข) adversary model.
- Awesome YARA Rules
+- Chronicle Detection Rules - Collection of YARA-L 2.0 sample rules for the Chronicle Detection API.
+- GCP Security Analytics - Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud.
Dataset
Resources
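Review bot: the second new entry is named "GCP Security Analytics" but its description calls the project "Community Security Analytics"; use the same name in both places (or say "Community Security Analytics (CSA) for Google Cloud") so readers can find the project. The "Chronicle Detection Rules" entry reads fine; the Dataset and Resources lines that follow appear directly after the list with no separating blank line, which is consistent with the surrounding hunks, so no change needed there.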
@@ -207,11 +216,9 @@
- Cyber Kill Chain - It is part of the Intelligence Driven Defenseยฎ model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
- The DML Model - The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
- NIST Cybersecurity Framework
-- OSSEM (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems
-- MITRE Engage - A framework
-for planning and discussing adversary engagement operations
-that empowers you to engage your adversaries
-and achieve your cybersecurity goals.
+- OSSEM (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems.
+- Open Cybersecurity Schema Framework (OCSF) - A framework for creating schemas and it also delivers a cybersecurity event schema built with the framework (schema browser).
+- MITRE Engage - A framework for planning and discussing adversary engagement operations that empowers you to engage your adversaries and achieve your cybersecurity goals.
- MaGMa Use Case Defintion Model - A business-centric approach for planning and defining threat detection use cases.
Windows
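Review bot: the new OCSF description is awkwardly phrased ("A framework for creating schemas and it also delivers a cybersecurity event schema built with the framework (schema browser)"); suggest "A framework for defining schemas, shipped with a cybersecurity event schema built on it (see the schema browser)". While this region is being reflowed, two typos in the adjacent context lines are worth fixing in the same change: "Defintion" in "MaGMa Use Case Defintion Model" should be "Definition", and "ones maturity" in the DML Model entry should be "one's maturity". Joining the MITRE Engage entry onto one line and adding the trailing period to OSSEM are good consistency fixes.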
@@ -386,6 +393,7 @@ and achieve your cybersecurity goals.
- Splunk Boss of the SOC - Hands-on workshops and challenges to practice threat hunting using the BOTS and other datasets.
- HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- BlueTeam Lab - A detection lab created with Terraform and Ansible in Azure.
+- attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.
Contribute
Contributions welcome! Read the contribution guidelines first.
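Review bot: the attack_range description has a dangling construction ("environments to simulate attacks against and collect the data into Splunk"); suggest "A tool for building vulnerable, instrumented local or cloud environments, simulating attacks against them, and collecting the resulting data into Splunk." The entry name "attack_range" is also the only one in this section written as a repository slug rather than a display name (compare "BlueTeam Lab", "Splunk Boss of the SOC"); "Splunk Attack Range" would read more consistently.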