https://github.com/0x783kb/Security-Operation-Book

常见的攻击行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！
https://github.com/0x783kb/Security-Operation-Book

attck security security-operation soc threat-hunting

Last synced: about 2 months ago
JSON representation

常见的攻击行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！

• Host: GitHub
• URL: https://github.com/0x783kb/Security-Operation-Book
• Owner: 0x783kb
• Created: 2019-07-10T08:44:30.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2024-06-18T03:53:59.000Z (6 months ago)
• Last Synced: 2024-08-09T21:11:21.362Z (4 months ago)
• Topics: attck, security, security-operation, soc, threat-hunting
• Homepage: https://0x783kb.github.io/Security-Operation-Book/
• Size: 79.5 MB
• Stars: 601
• Watchers: 23
• Forks: 138
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - 0x783kb/Security-Operation-Book - 常见的攻击行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！ (Others)

README

        
# Security-operation-book

## 简介

Security-operation-book目前已覆盖116个TID，353个技术点。主要涵盖Web、Windows AD、Linux，涉及ATT&CK技术、模拟测试、检测思路、检测所需数据源等。

![覆盖图](img/index.png)

## 规则说明

Web_Attck检测规则为Suricata、Sigma两种格式，端点检测规则为Sigma格式为主。

## stars

![stars](https://starchart.cc/0x783kb/Security-operation-book.svg)