{"payload":{"pageCount":1,"repositories":[{"type":"Public","name":"FalconFriday","owner":"FalconForceTeam","isFork":false,"description":"Hunting queries and detections","topicNames":["sentinel","hunting","blueteam","purpleteam","kql","defender-atp","defender-for-endpoint"],"topicsNotShown":0,"primaryLanguage":null,"pullRequestCount":0,"issueCount":1,"starsCount":656,"forksCount":69,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T15:13:01.356Z"}},{"type":"Public","name":"FalconHound","owner":"FalconForceTeam","isFork":false,"description":"FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. ","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Go","color":"#00ADD8"},"pullRequestCount":0,"issueCount":0,"starsCount":669,"forksCount":40,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-03-09T20:29:38.003Z"}},{"type":"Public","name":"SOAPHound","owner":"FalconForceTeam","isFork":false,"description":"SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":2,"issueCount":4,"starsCount":560,"forksCount":57,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-02-03T08:52:49.386Z"}},{"type":"Public","name":"KQLAnalyzer","owner":"FalconForceTeam","isFork":false,"description":"REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":2,"starsCount":25,"forksCount":5,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-11-28T14:35:31.657Z"}},{"type":"Public","name":"AzureHoundAutoCollect","owner":"FalconForceTeam","isFork":false,"description":"Some plumbing to automate the collection of AzureHound","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Shell","color":"#89e051"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":0,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-24T11:32:55.996Z"}},{"type":"Public","name":"ParrotForce","owner":"FalconForceTeam","isFork":false,"description":"Azure playbook for automatic evidence collection","topicNames":["automation","azure","response"],"topicsNotShown":0,"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":6,"forksCount":4,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-03T14:43:13.571Z"}},{"type":"Public","name":"FalconForge","owner":"FalconForceTeam","isFork":false,"description":"This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365 Defender products.","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":13,"forksCount":7,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-03-10T09:34:54.225Z"}},{"type":"Public","name":"SysWhispers2BOF","owner":"FalconForceTeam","isFork":false,"description":"Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":0,"starsCount":117,"forksCount":17,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-24T11:19:59.311Z"}},{"type":"Public","name":"ADExplorerSnapshot.py","owner":"FalconForceTeam","isFork":true,"description":"ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":99,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-04-06T12:32:14.229Z"}},{"type":"Public","name":"Azure-Sentinel","owner":"FalconForceTeam","isFork":true,"description":"Cloud-native SIEM for intelligent security analytics for your entire enterprise.","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"Jupyter Notebook","color":"#DA5B0B"},"pullRequestCount":0,"issueCount":0,"starsCount":7,"forksCount":2826,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-03-11T09:24:29.717Z"}},{"type":"Public","name":"BOF2shellcode","owner":"FalconForceTeam","isFork":false,"description":"POC tool to convert CobaltStrike BOF files to raw shellcode","topicNames":[],"topicsNotShown":0,"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":1,"starsCount":161,"forksCount":27,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-11-05T18:37:53.056Z"}}],"repositoryCount":11,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"mirror","text":"Mirrors"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"Repositories"}