Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
https://github.com/cyb3rxp/awesome-soc
- 11 strategies for a world-class SOC: part 0 (Fundamentals).
- Building a SOC
- SOC model guide
- State of Security 2023
- SOC analyst interview questions
- ISO 27035 Practical value for CSIRT and SOCs
- SOC-CMM
- DeTTECT
- CERT-in-a-box
- CSIRT Services Framework
- Good practice for incident management
- Incident Response whitepaper
- Security incident management according to ISO 27005
- Incident response reference guide
- SP800-86, integrating forensic techniques into IR
- ForensicsArtefacts
- Incident Response Playbook: Dark Web Breaches
- IR Mitigations tasks
- Security 360
- CSIRT, SOC, ISAC and PSIRT definitions
- Visual Threat Intelligence
- What is SecOps
- Blue Team Notes
- Security orchestration for dummies
- SIRP / SOA / TIP benefits
- SP800-61 rev2, incident handling guide
- How to set up a CSIRT and SOC
- ATT&CK: Getting started
- Cybersecurity framework
- CVSS v4 specs
- STIX
- TLP
- 18 critical security controls
- Cyber Threat readiness report 2023
- Market Guide for Security Orchestration, Automation and Response Solutions
- How will NIS2 impact your organization?
- NIS2, how to address the security control gaps
- Cybersecurity business value benchmark
- this article
- CYRAIL's paper drawing
- SIEM
- Gartner magic quadrant
- Microsoft Azure Sentinel, [Splunk](https://www.splunk.com), [Graylog](https://graylog.org/).
- SIRP
- IBM Resilient, [SwimLane](https://swimlane.com/), [PAN Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar)
- TheHive
- SOA
- overview of SOAR providers
- IBM Resilient, [PAN Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar), [Microsoft Logic Apps](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-overview)
- SwimLane, [PAN Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar)
- TIP
- Gartner magic quadrant
- Microsoft Defender, [BitDefender](https://www.bitdefender.fr/business/products/workstation-security.html).
- Endpoint Detection and Response
- Gartner magic quadrant and [Forrester Wave](https://www.crowdstrike.com/resources/reports/crowdstrike-recognized-as-dominant-endpoint-solution-with-superior-vision/)
- SentinelOne, [Harfanglab](https://www.harfanglab.io/en/block-cyberattacks), [ESET XDR](https://www.eset.com/int/business/enterprise-protection-bundle/), [WithSecure Elements EDR](https://www.withsecure.com/us-en/solutions/software-and-services/elements-endpoint-detection-and-response), [CrowdStrike Falcon EDR](https://www.crowdstrike.com/wp-content/uploads/2022/03/crowdstrike-falcon-insight-data-sheet.pdf), [Tanium](https://www.tanium.com/products/tanium-threat-response/), [Wazuh](https://wazuh.com/)
- Secure Email Gateway
- Gartner reviews and ratings
- Microsoft Defender for Office365, [Mimecast](https://www.mimecast.com/products/email-security/secure-email-gateway/)
- Secure Web Gateway
- Gartner magic quadrant
- BlueCoat Edge SWG, [Zscaler Cloud proxy](https://www.zscaler.com/resources/security-terms-glossary/what-is-cloud-proxy), [Netskope](https://www.netskope.com/security-defined/what-is-casb).
- Identity Threat Detection and Response
- Semperis Directory Services Protector
- Semperis Purple Knight
- Intrinsec (in French), [Qualys EASM](https://www.qualys.com/apps/external-attack-surface-management/)
- ImmuniWeb
- ScoutSuite
- Cloud Access Security Broker
- Gartner magic quadrant
- Microsoft MCAS, [Netskope](https://www.netskope.com/security-defined/what-is-casb).
- AD decoy accounts
- Thor Cloud lite
- WithSecure Elements EDR
- Cat-Scale
- UAC
- Sysinspector
- Velociraptor
- DFIR-ORC
- Sysmon
- ADRecon
- Semperis Purple Knight
- BloodHound Community
- CrowdStrike Reporting Tool for Azure
- Semperis Purple Knight
- 365Inspect
- Azure AD Incident Response Powershell
- ScoutSuite
- FastIR, [FireEye Redline](https://fireeye.market/apps/211364), [DFIR-ORC](https://github.com/dfir-orc)
- CIMSweep; Toolkit (relies on CrowdStrike EDR); [GRR](https://github.com/google/grr) (needs an agent to be installed)
- Joe's sandbox, etc.
- automation
- SIFT Workstation
- FireEye Flare-VM
- Remnux
- Timesketch
- Loki, [DFIR-ORC](https://github.com/dfir-orc)
- Tiny Check
- CTI's repo
- Yara-rules GitHub repo
- Yara rules repo
- Community Yara rules
- Awesome threat intel
- Windows Defender Offline
- CrowdSec, DeepBlueCLI
- CyberChef
- Azure AD Internals suite, Sysinternals suite
- GitLab
- Microsoft SharePoint
- OSINTracker
- Sigma HQ (detection rules)
- Splunk Security content (free detection rules for Splunk)
- SOC Prime
- Michel De Crevoisier's Git
- CISA catalog
- CVETrends
- Top 0days "in the wild"
- LinkedIn Information Security Community group
- Netvibes
- CERT-FR, [CERT-US](https://www.cisa.gov/uscert/ncas/alerts)
- TheRecord.media
- ISC
- NCSC website
- level 2 of network segmentation
- restricted AD forest
- CIS benchmarks
- 11 strategies for a world-class SOC (remainder of the PDF)
- Cyber Defense Incident Responder role
- Purple Team Assessment
- AV / EP / EPP / EDR / XDR
- Security bastion (PAM) and Active Directory tiering model: how to reconcile the two paradigms?
- list of Windows APIs and their potential use in offensive security
- OpenIOC format
- Awesome Threat Intel
- SOC/IR hierarchy of needs
- TaHiTI (threat hunting methodology)
- EBIOS RM methodology
- Improving Social Maturity of Cybersecurity Incident Response Teams
- RedTeam resources
- Awesome CyberSecurity BlueTeam
- Windows 10 and Windows Server 2016 security auditing and monitoring reference
- how to manage FP in a SOC?
- Playbook for ransomware incident response
- AD post-compromise checklist
- Market guide for NDR
- Resources inventory
- Best practices for AD disaster recovery
- Isolate Tier 0 assets with group policy
- How to be compliant with NIS2?
- Mitre Engenuity Evaluations 2022 review
- SP800-53 rev5 (Security and Privacy Controls for Information Systems and Organizations)
- AWS Security Fundamentals
- PAW Microsoft
- Business Impact Assessment
- RACI template (in French)
- XDR Gartner market guide
- BEATS agents
- V1D1AN's Drawing: architecture of detection
- RFC2350
- Awesome Security Resources
- Incident Response & Computer Forensics, 3rd ed
- GDPR cybersecurity implications (in French)
- SANS SOC survey 2022
- Digital Forensics Incident Response Git
- Incident playbook
- Cybersecurity incident and vulnerability response playbooks
- Microsoft Sentinel queries
- MS Sentinel architecture and recommendations for MSSP
- PAM Magic Quadrant reprint
- Tools inventory
- command line reference
- Sentinel data collection scenarios
- SOCTOM
- PTES
- WSTG
- Analyzing MITRE ATT&CK evaluations 2023
- AIL Framework
- top 10
- Canary.tools
- Awesome honeypots Git
- PhishLabs
- Crowdsec
- Gatewatcher
- Microsoft Intune
- Gartner reviews and ratings
- Nozomi Guardian
- Gigamon
- CIS
- forest is the AD security boundary
- Wallix PAM
- level 3 of network segmentation
- CC-BY-SA
Programming Languages
Keywords (count)
- security (5)
- dfir (4)
- awesome-list (3)
- cybersecurity (3)
- mitre-attack (2)
- threat-hunting (2)
- yara-rules (2)
- yara (2)
- signature (2)
- scanner (2)
- incident-response (2)
- ioc (2)
- hash (2)
- awesome (2)
- powershell (2)
- infosec (2)
- incidents (1)
- incident-management (1)
- cybersecurity-playbook (1)
- mitre (1)
- contributors-welcome (1)
- playbook (1)
- ail-framework (1)
- analysis (1)
- data-mining (1)
- information-leak (1)
- information-security (1)
- leak (1)
- contributions-welcome (1)
- catalog (1)
- defensive-security (1)
- computer-security (1)
- blue-team (1)
- threat-intelligence (1)
- anti-virus (1)
- python (1)
- otx (1)
- antivirus (1)
- reverse-engineering (1)
- malware-analysis (1)
- flare (1)
- segmentation-network (1)
- segmetation-benchmarks (1)
- vlan-best-practice (1)
- vlaning (1)
- aix (1)
- android (1)
- computer-forensics (1)
- esxi (1)
- forensics (1)