    Repositories list

    • MITRE ATT&CK Navigator layer displaying technique coverage in the MITRE ATT&CK KB Module
      Updated Jul 7, 2022
    • AIE Trend Rules being released in conjunction with blog "Detecting Attacks and Compromises: A SIEM perspective from the recent LAPSUS$ supply chain attack"
      Updated Apr 15, 2022
    • Sigma (Public)
      Convert Sigma rules to LogRhythm searches
      Updated Feb 27, 2022
    • log4Shell (Public)
      LogRhythm resources for log4Shell detection.
      Updated Jan 20, 2022
    • A collection of scripts for analysis of the MITRE ATT&CK framework via STIX/TAXII
      Jupyter Notebook
      Updated Aug 6, 2021
    • Curated list of IOCs involving March 2021 Exchange 0 Day Attacks.
      Updated Mar 18, 2021
    • Sysmon configuration file template with default high-quality event tracing
      Updated Jan 26, 2021
    • List of IOCs from CISA STIX feed related to Alert AA20-352A
      Updated Dec 23, 2020
    • Extracted IOCs and MITRE technique analysis from the December 2020 FireEye breach
      Updated Dec 10, 2020
    • Create purple team master Case and per-MITRE-technique Cases for purple team exercise
      Jupyter Notebook
      Updated Oct 12, 2020
    • COVID-19 Malicious Domain List Importer
      PowerShell
      Updated Jun 10, 2020
    • PIE (Public)
      📫 The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365
      PowerShell
      MIT License
      Updated Apr 13, 2020
    • Web app that provides basic navigation and annotation of ATT&CK matrices
      TypeScript
      Apache License 2.0
      Updated Feb 5, 2019
    • Playbook manipulation via API
      PowerShell
      MIT License
      Updated Aug 31, 2018
    • "On-demand" VirusTotal file/URL scanning via the LogRhythm Web Console
      C#
      MIT License
      Updated Jul 27, 2018
    • SRP-Nmap (Public)
      Nmap SIEM Integration and Automation for LogRhythm
      Lua
      MIT License
      Updated Jul 20, 2018
    • 🔘 Phishing Intelligence Engine Microsoft Outlook Add-In
      C#
      Updated Jul 3, 2018
    • 🌀 Okta + LogRhythm SIEM = Integration and Automation
      PowerShell
      MIT License
      Updated May 22, 2018
    • 💥 Carbon Black SIEM Integration and Automation for LogRhythm
      PowerShell
      MIT License
      Updated Mar 2, 2018
    • 🔒 Isolate a host from the network using PowerShell
      PowerShell
      MIT License
      Updated Mar 2, 2018
    • Add an item to a text file to be consumed by the LogRhythm Job Manager
      PowerShell
      MIT License
      Updated Feb 9, 2018
    • 🔉 'Say' for Windows PowerShell
      PowerShell
      MIT License
      Updated Jul 12, 2017
    • 🚨 PowerShell Philips Hue Integration and Automation
      PowerShell
      MIT License
      Updated Jul 11, 2017
    • 📈 Wrike PowerShell API Integration and Automation
      PowerShell
      MIT License
      Updated Jul 11, 2017
    • SmartResponse plugin to quarantine a host via Cisco ISE
      PowerShell
      MIT License
      Updated Mar 15, 2017
    • Disables a specified Active Directory account using either default Job Manager credentials or specified credentials.
      PowerShell
      MIT License
      Updated Mar 15, 2017
    • Disables an account on a local Windows system
      PowerShell
      MIT License
      Updated Mar 15, 2017
    • Scrapes the indicator lists from abuse.ch's Ransomware Tracker.
      PowerShell
      MIT License
      Updated Mar 15, 2017
    • SmartResponse plugin to add IPs and FQDNs to an Address Group.
      PowerShell
      MIT License
      Updated Mar 15, 2017
    • SmartResponse plugin to terminate a process on a Windows host.
      PowerShell
      MIT License
      Updated Mar 15, 2017