My Security Intelligence and Monitoring Agenda List

1.1 NSM-project   NSM

1. HASecuritySolutions/Logstash: Contains Logstash related content including tons of Logstash configurations
   

1.2 new

1. https://github.com/initconf/smtp-url-analysis/tree/2eff7244ca3eb3dfd4ab70fa0f7ea9ee73ea0de3/scripts
   

   https://www.jianshu.com/p/68684780c1b0x

1.3 Search website

1.4 full blown

1. certsocietegenerale/FIR: Fast Incident Response
   

2.1 Document

1. Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX - IEEE Journals & Magazine
   
2. https://www.google.com/search?q=CERT/NetSA+%22pdf%22&ei=k939W7ukKILX0gLUt5tw&start=10&sa=N&ved=0ahUKEwj7ufnx5vXeAhWCq1QKHdTbBg4Q8tMDCH0&biw=1152&bih=599&dpr=2.5
   
3. https://www.ietf.org/proceedings/80/slides/ipfix-4.pdf
   
4. https://tools.netsa.cert.org/silk/analysis-handbook.pdf [Analysis Handbook Nov 2018 updated]
   
5. 📄 REVIEW Analysis handbook   BOOK LEARN
   
6. lisa04.pdf
   
7. lisa06.pdf
   
8. https://resources.sei.cmu.edu/asset_files/Presentation/2011_017_101_50515.pdf [iSilk]
   
9. nyov/netsa-python: NetSA Python - http://tools.netsa.cert.org/netsa-python/
   

3.1 PPT/Doc

1. Install/Setup Kolide Fleet + Graylog + OSQuery with Windows and Linux deployment | HoldMyBeer   STEP1 Document
   
2. Maerz-Bro_andOsquery-Enterprise_{Visibility.pdf}   Visualization
   

3.2 Security

1. osquery For Security – Chris Long – Medium
   

3.3 Kolild

1. Config
   
   1. fleet/configuring-the-fleet-binary.md at master · kolide/fleet   Document
      

3.4 tools

1. jmpsec/osctrl: Fast and efficient osquery management   Tool
   

5.1 BLog

1. Mactime magic with ELK | White snow | against the black ice
   
2. https://medium.com/schkn/monitoring-linux-logs-with-kibana-and-rsyslog-4dfbbd287807
   

5.2 Logstash

1. Filter   Nettoolset
   
   1. ✔ DONE Urldecode <2018-06-07 Thu>
      
      • State “DONE” from [2018-06-07 Thu 14:21]

      手机淘宝/3442425 CFNetwork/897.15 Darwin/17.5.0

      1. Link
         
         • https://www.elastic.co/guide/en/logstash/current/plugins-filters-urldecode.html

         • https://www.cnblogs.com/vovlie/p/4227027.html
   2. fv<2018-06-07 Thu>
      
      1. link
         
         • https://www.elastic.co/guide/en/logstash/current/plugins-filters-kv.html

5.3 Repo

1. Cyb3rWard0g/HELK: The Hunting ELK
   
2. simplesteph/kafka-security-manager: Manage your Kafka ACL at scale
   
3. [ ] [database] confluentinc/ksql: KSQL - the Streaming SQL Engine for Apache Kafka
   
4. HASecuritySolutions/VulnWhisperer: Create actionable data from your Vulnerability Scans
   

5.4 Extended

1. https://github.com/SparkSharly/Sharly
   
2. fbaligand/kibana-enhanced-table: Kibana visualization like a Data Table, but with enhanced features like computed columns, filter bar, and “Split Cols” bucket
   

6.1 1808.10742.pdf [Anomaly Detection in Cyber Network Data Using a Cyber Language Approach]

6.2 Notice Correlation and Covert CTC Detection — Michael Dopheide & Ross Gegan - YouTube

1. covert.pdf [IP Covert Timing Channels]
   

6.3 Silk

1. R: A Proposed Analysis and Visualization Environment for Network Security Data
   

6.4 HTTP

1. DeepHTTP: Semantics-Structure Model with Attention for Anomalous HTTP Traffic Detection and Pattern Mining
   
2. [[https://blog.csdn.net/qq_30050175/article/details/90577778][DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting - 一只咸鱼的小努力 - CSDN
   

7.1 Bro

1. [A] Ten Ways Zeek Can Help You Detect the TTPs of MITRE ATT&CK - YouTube
   
2. [A] Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK™ - YouTube
   
3. Broker   Broker
   

7.2 https://www.youtube.com/channel/UCpNGmljppAJbTIA5Msms1Pw/videos <2018-11-24 Sat>

7.3 https://www.icir.org/robin/

1. https://www.youtube.com/watch?v=dIFcE_awVjc
   

7.4 Hunting book [APT]

1. https://issuu.com/klemenmolk/docs/25_makeuseof_w_pacb71_my2um8lj35gmh
   
2. SOMEDAY https://github.com/beahunt3r/Windows-Hunting <2018-06-13 Wed>   READ
   

7.5 Botconf

1. Olivier Bilodeau https://www.youtube.com/watch?v=iW-WmhPu6p4
   

7.6 Sans

1. [Botnet Tracking Tools ] [] https://www.youtube.com/watch?v=iW-WmhPu6p4
   

7.7 WAITING Traffic filtering at scale on Linux   Document NSM

7.8 bro-cheatsheets/Corelight-Bro-Cheatsheets-2.6.pdf at master · corelight/bro-cheatsheets   Document

7.9 bro-2.4.1.pdf Document:

7.10 owlh_{documentation} Documentation

7.11 logisland Documentation

7.12 Detection of HTTPS Malware Traffic :Document

7.13 d1_s1r4.pdf PPT:

7.14 CoreFlow: Enriching Bro security events using network traffic monitoring data - Semantic Scholar

8.1 Performance monitoring

1. netdata/netdata: Real-time performance monitoring, done right! https://my-netdata.io/   monitoring
   

8.2 https://scrapy.org/   spider

8.3 JohnLaTwC (John Lambert) [Distinguished Engineer and General Manager, Microsoft Threat Intelligence Center]

8.4 OWASP/Amass: In-Depth DNS Enumeration and Network Mapping   DNS

8.5 1N3 (xer0dayz)

9.1 grafana/loki: Like Prometheus, but for logs. –>grafana

1. lucascebrero/graylogReport
   

10.1 ⚔ STARTED grafana/grafana: The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More

1. VeeamHub/grafana: Grafana dashboard for Veeam solutions
   

10.2 insanitybit/grapl: Graph platform for Detection and Response   DAG

1. “BSides Las Vegas 2019 - Ground Truth - Day 1 - YouTube”🔊   DAG
   

10.3 vega/vega: A visualization grammar.

10.4 Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)

10.5 RedHunt OS v2 - Virtual Machine For Adversary Emulation And Threat Hunting

11.1 SMBv3 Null Pointer Dereference vulnerability (CVE-2018-0833)

13.1 Feed

1. [A] firehol/blocklist-ipsets: ipsets dynamically updated with firehol’s update-ipsets.sh script   project
   
2. danielmiessler/SecLists: SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
   

13.2 jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino

13.3 laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT* dencrypt

13.4 https://digitalcommons.newhaven.edu/cgi/viewcontent.cgi?article=1049&context=electricalcomputerengineering-facpubs 【whatsapp】

13.5 https://commons.erau.edu/cgi/viewcontent.cgi?article=1477&context=jdfsl

13.6 streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they’re valid. [Key]

14.1 repo

1. MITRE Cybersecurity
   

14.2 chopshop - command line interface to ChopShop — ChopShop 4.0 documentation   Document

14.3 olafhartong/ThreatHunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

15.1 cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system

16.1 DATABASE

1. https://towardsdatascience.com/sqlalchemy-python-tutorial-79a577141a91
   
2. spacejam/sled: the champagne of beta embedded databases
   

16.2 Index

1. johnkerl/miller: Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON
   

16.3 Repo

1. Kitware, Inc.
   
2. Cisco DevNet
   
   1. YANG data - Google Search
      
3. SANS 2018 Holiday Hack Writeup
   
4. timetology
   

16.4 APP

1. GrigorDimitrov/TwitterSentimentAnalysis [twiter]
   

17.1 Search · bro http.log language:python

17.2 Ridter/Intranet_{PenetrationTips}: 2018 年初整理的一些内网渗透 TIPS，后面更新的慢，所以公开出来希望跟小伙伴们一起更新维护~

17.3 bagder (Daniel Stenberg)   NETWORK

18.1 OpenCTI-Platform/opencti: Open Cyber Threat Intelligence Platform

18.2 TheHive-Project/TheHive: TheHive: a Scalable, Open Source and Free Security Incident Response Platform

18.3 MISP - Malware Information Sharing Platform and Threat Sharing - The Open Source Threat Intelligence Platform

18.4 mitre/cti: Cyber Threat Intelligence Repository expressed in STIX 2.0 :ATT&CK:

18.5 ✘ CANCELED crits/crits: CRITs - Collaborative Research Into Threats

19.1 sroberts/awesome-iocs: A collection of sources of indicators of compromise.

19.2 Topic: dfir

19.3 MrAnde7son/LikeABro at e8451ba95ac5fa910a18268255a59dba78352bea

19.4 The impact of using large training data set KDD99 on classification accuracy {PeerJ Preprints}

19.5 ✰ Important My Software | Didier Stevens

20.1 Protecting Tor from Sybil attacks

20.2 NullHypothesis/zoossh: Parsing library for Tor-specific data formats.

20.3 The Effect of DNS on Tor’s Anonymity