Library

Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

Defensive Beginner Free

Summarize Kubernetes cluster findings.

trivy k8s --report summary cluster
trivy vulnerability-management expanded-library
Trivy / Vulnerability Management
Defensive Beginner Free

Generate a software bill of materials.

trivy image --format cyclonedx app:latest
trivy vulnerability-management expanded-library
Trivy / Vulnerability Management
Defensive Beginner Free

Ignore vulnerabilities without fixes.

trivy image --ignore-unfixed app:latest
trivy vulnerability-management expanded-library
Trivy / Vulnerability Management
Defensive Beginner Free

Fail pipeline on critical vulnerabilities.

trivy image --exit-code 1 --severity CRITICAL app:latest
trivy vulnerability-management expanded-library
Trivy / Vulnerability Management
Defensive Intermediate Free

Review Linux file integrity event families.

rule.id:550 OR rule.id:553 OR rule.id:554
wazuh incident-response expanded-library
Wazuh / Incident Response
Defensive Intermediate Free

Review sudo execution events.

data.audit.exe:"/usr/bin/sudo" AND data.audit.command:*
wazuh incident-response expanded-library
Wazuh / Incident Response
Defensive Intermediate Free

Review AWS-related high severity detections.

rule.groups:aws AND rule.level:>=8
wazuh incident-response expanded-library
Wazuh / Incident Response
Defensive Intermediate Free

Find container privilege alerts.

rule.groups:docker AND rule.description:*privileged*
wazuh incident-response expanded-library
Wazuh / Incident Response
Defensive Intermediate Free

Convert a Sigma rule to a Splunk query.

sigma convert -t splunk rules/windows/process_creation/proc_creation_win_susp_powershell.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Validate process creation rules for syntax errors.

sigma check rules/windows/process_creation/*.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

List supported SIEM conversion targets.

sigma list targets
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Convert AWS failed login detection to ElastAlert.

sigma convert -t elastalert rules/cloud/aws/aws_console_login_failures.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering