threat-hunting
There are 615 repositories under the threat-hunting topic.
MISP/MISP
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
elceef/dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
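A worked illustration of what a permutation engine like this does, added here as an example (this is not dnstwist's code). It generates typo-squat, homoglyph, hyphenation and bit-flip candidates for a brand domain, tags each with the technique that produced it, and filters an observed domain list (say, from DNS logs) down to look-alikes. The homoglyph table, the generator names and the sample domains are constructed for the example; it assumes an ASCII label and a single-label TLD.

```python
"""Domain permutation engine for typo-squat and homoglyph detection.

Added example, not dnstwist's code. Generates look-alike candidates for a
brand domain, tagged with the technique that produced them, and filters an
observed domain list down to hits. Assumes an ASCII label and a single-label
TLD ('example.com').
"""

# Constructed ASCII homoglyph table; real engines use large Unicode tables.
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}


def split_domain(domain):
    """'example.com' -> ('example', 'com'); assumes a single-label TLD."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def omissions(label):
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transpositions(label):
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}


def repetitions(label):
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def homoglyph_subs(label):
    """Single-position substitutions from HOMOGLYPHS."""
    out = set()
    for i, ch in enumerate(label):
        for sub in HOMOGLYPHS.get(ch, []):
            out.add(label[:i] + sub + label[i + 1:])
    return out


def hyphenations(label):
    return {label[:i] + "-" + label[i:] for i in range(1, len(label))}


def bitsquats(label):
    """Single bit flips that still yield a valid lowercase hostname character."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            c = chr(ord(ch) ^ (1 << bit))
            if c.isascii() and (c.isalnum() or c == "-") and c == c.lower():
                out.add(label[:i] + c + label[i + 1:])
    return out


# Order matters: the first technique to produce a candidate labels it.
GENERATORS = {
    "omission": omissions, "transposition": transpositions,
    "repetition": repetitions, "homoglyph": homoglyph_subs,
    "hyphenation": hyphenations, "bitsquat": bitsquats,
}


def permutations(domain):
    """Return {candidate_domain: technique} for every look-alike of `domain`."""
    label, tld = split_domain(domain)
    table = {}
    for name, gen in GENERATORS.items():
        for cand in gen(label):
            if cand and cand != label and not cand.startswith("-") and not cand.endswith("-"):
                table.setdefault(f"{cand}.{tld}", name)
    return table


def lookalike_technique(observed, brand):
    """Technique name if `observed` is a permutation of `brand`, else None."""
    return permutations(brand).get(observed.lower())


def hunt(observed_domains, brand):
    """Filter observed domains down to (domain, technique) pairs impersonating brand."""
    table = permutations(brand)
    return [(d, table[d.lower()]) for d in observed_domains if d.lower() in table]


if __name__ == "__main__":
    # Constructed sample of observed domains, e.g. pulled from DNS query logs.
    for hit in hunt(["exmaple.com", "example.com", "ex-ample.com", "examp1e.com"], "example.com"):
        print(hit)
```

Note that the check is exact-match against the generated table, so a subdomain of the real brand (`mail.example.com`) is not flagged; registering the permutations, or resolving them to see which are live, is the step a real engine adds on top of this.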
OISF/suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
0x4D31/awesome-threat-detection
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
intelowlproject/IntelOwl
IntelOwl: manage your Threat Intelligence at scale
Cyb3rWard0g/HELK
The Hunting ELK
InQuest/awesome-yara
A curated list of awesome YARA rules, tools, and people.
Security-Onion-Solutions/securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
alexandreborges/malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
teler-sh/teler
Real-time HTTP Intrusion Detection
olafhartong/sysmon-modular
A repository of sysmon configuration modules
Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools
blackorbird/APT_REPORT
Interesting APT Report Collection And Some Special IOC
Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
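To show what "sigma-based" means in practice, here is an added example (not Hayabusa's code) that evaluates a Sigma-style rule against process-creation event records. It implements the common subset of the Sigma detection syntax: the `|contains`, `|startswith`, `|endswith` and `|all` field modifiers, list values as OR, `*`/`?` wildcards on plain values, case-insensitive matching, and a `condition` with `and`/`or`/`not` and parentheses over selection names. The rule, the selection names and the Sysmon-like events are constructed for the example.

```python
"""Sigma-style rule evaluation over Windows process-creation events.

Added example, not Hayabusa's code. Supports |contains, |startswith,
|endswith, |all; list values are ORed; plain values use * and ? wildcards;
matching is case-insensitive; the condition supports and/or/not/parentheses.
The rule and the events below are constructed for the example.
"""
import fnmatch
import re

RULE = {  # constructed rule in Sigma's detection layout
    "title": "Rundll32 with script or Control_RunDLL argument",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": r"\rundll32.exe",
            "CommandLine|contains": ["javascript:", "vbscript:", "shell32.dll,Control_RunDLL"],
        },
        "filter_installer": {"ParentImage|endswith": r"\msiexec.exe"},
        "condition": "selection and not filter_installer",
    },
    "level": "high",
}

# Constructed Sysmon Event ID 1 (process creation) records.
EVENTS = [
    {"EventRecordID": 1001, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";alert(1)',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventRecordID": 1002, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL setup.cpl",
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    {"EventRecordID": 1003, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL C:\tmp\x.bin",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventRecordID": 1004, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe javascript:notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def match_value(value, pattern, modifiers):
    """Match one field value against one pattern, case-insensitively."""
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in v
    if "startswith" in modifiers:
        return v.startswith(p)
    if "endswith" in modifiers:
        return v.endswith(p)
    return fnmatch.fnmatchcase(v, p)  # plain value: * and ? wildcards


def match_field(event, key, patterns):
    """'Field|mod|mod': list values are ORed unless |all is present; missing field never matches."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    pats = patterns if isinstance(patterns, list) else [patterns]
    hits = [match_value(event[field], p, modifiers) for p in pats]
    return all(hits) if "all" in modifiers else any(hits)


def match_selection(event, selection):
    """A selection map is the AND of all its field requirements."""
    return all(match_field(event, k, v) for k, v in selection.items())


def evaluate_condition(condition, names):
    """Evaluate e.g. 'sel and not (f1 or f2)' over {selection_name: bool}.
    Precedence follows Sigma: not binds tighter than and, and tighter than or."""
    tokens = re.findall(r"\(|\)|[\w-]+", condition)
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            value = parse_and() or value  # always consume the right operand
        return value

    def parse_and():
        value = parse_not()
        while peek() == "and":
            take()
            value = parse_not() and value
        return value

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        tok = take()
        if tok == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok not in names:
            raise ValueError(f"unknown selection {tok!r} in condition")
        return names[tok]

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def rule_matches(rule, event):
    detection = rule["detection"]
    names = {k: match_selection(event, v) for k, v in detection.items() if k != "condition"}
    return evaluate_condition(detection["condition"], names)


def hunt(rule, events):
    """Return the EventRecordIDs the rule fires on."""
    return [e["EventRecordID"] for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], "->", hunt(RULE, EVENTS))
```

Only record 1001 fires: 1002 matches the selection but is excluded by the `filter_installer` branch, 1003 has a different `shell32.dll` export, and 1004 is not `rundll32.exe` at all. Tools like Hayabusa add the parts deliberately left out here: EVTX parsing, the field-name mapping from Sigma's generic names to the Windows event XML, and the large body of community rules.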
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
yeti-platform/yeti
Your Everyday Threat Intelligence
osintbrazuca/osint-brazuca
Repository created to gather information, sources (websites/portals) and OSINT tricks in the Brazilian context.
AmnestyTech/investigations
Indicators of Compromise from Amnesty International's cyber investigations
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
StamusNetworks/SELKS
A Suricata based IDS/IPS/NSM distro
nshalabi/SysmonTools
Utilities for Sysmon
Bert-JanP/Hunting-Queries-Detection-Rules
KQL queries for Defender for Endpoint and Azure Sentinel: out-of-the-box hunting and detection queries for Advanced Hunting, Custom Detections, Analytics Rules and Hunting Rules.
ahmedkhlief/APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
deepfence/YaraHunter
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
yampelo/beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
ION28/BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
0xrawsec/whids
Open Source EDR for Windows
olafhartong/ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
alvin-tosh/Malware-Exhibit
This is a real-world malware collection I have compiled, analysed by researchers, to understand more about malware threats, analysis and mitigation.
BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gang uses
osintbrazuca/osint-brazuca-regex
Repository created to gather regular expressions in the Brazilian context.