#
threat-hunting
Here are 250 public repositories matching this topic...
Sysmon configuration file template with default high-quality event tracing
-
Updated
May 28, 2021
The Hunting ELK
docker
elasticsearch
kibana
logstash
spark
jupyter-notebook
elk
threat-hunting
dockerhub
elastic
hunting
elk-stack
hunting-platforms
-
Updated
May 12, 2021 - Jupyter Notebook
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
dns
osint
scanner
phishing
domains
fuzzing
threat-hunting
typosquatting
threat-intelligence
homograph-attack
idn
-
Updated
Jun 4, 2021 - Python
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
-
Updated
May 22, 2021 - Python
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
python
ioc
enrichment
osint
incident-response
observable
free-software
threat-hunting
malware-analyzer
malware-analysis
threatintel
hacktoberfest
security-tools
threat-intelligence
honeynet
cyber-threat-intelligence
osint-python
intel-owl
-
Updated
Jun 4, 2021 - Python
A curated list of awesome threat detection and hunting resources
-
Updated
Apr 8, 2021
A curated list of awesome YARA rules, tools, and people.
ioc
awesome
awesome-list
threat-hunting
malware-analysis
malware-research
yara
yara-rules
malware-detection
yara-manager
yara-signatures
malware-rules
yara-scanner
awesome-yara
-
Updated
Mar 31, 2021
kingk789
commented
Feb 3, 2020
I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks. #
Real-time HTTP Intrusion Detection
go
golang
log
logs
threat
ids
intrusion-detection
threat-hunting
iocs
log-analyzer
intrusion
intrusion-detection-system
threat-intelligence
threat-analyzer
analyze-logs
threat-rules
-
Updated
May 27, 2021 - Go
Windows Events Attack Samples
-
Updated
Apr 22, 2021 - PowerShell
Signature base for my scanner tools
-
Updated
Jun 4, 2021 - YARA
Your Everyday Threat Intelligence
-
Updated
May 12, 2021 - Python
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
-
Updated
Jun 1, 2021 - Python
Utilities for Sysmon
windows
monitoring
logging
sysmon
threat-hunting
threatintel
netsec
sysinternals
threat-intelligence
-
Updated
Dec 16, 2020
An Active Defense and EDR software to empower Blue Teams
-
Updated
Apr 29, 2021 - C++
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
-
Updated
Mar 5, 2021 - Python
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure
detection
logging
cybersecurity
sysmon
threat-hunting
siem
security-tools
blue-team
mitre-attack
workbooks
sysmon-config
terraform-azure
kql
azure-sentinel
-
Updated
Apr 27, 2021 - HCL
A Linux Auditd rule set mapped to MITRE's Attack Framework
-
Updated
Jul 8, 2020
Kaspersky's GReAT KLara
-
Updated
May 20, 2021 - PHP
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
graylog
logging
dfir
sysmon
threat-hunting
threat-sharing
threatintel
netsec
sysinternals
graylog-plugin
threat-analysis
threat-intelligence
mitre-attack
-
Updated
Feb 20, 2019 - Batchfile
Extract and aggregate threat intelligence.
ioc
osint
dfir
threat-hunting
malware-research
misp
threat-sharing
threatintel
yara
threat-analysis
fraud-detection
intelligence-gathering
security-tools
threat-intelligence
soar
indicators-of-compromise
threat-feeds
threat-intelligence-platform
-
Updated
Feb 3, 2021 - Python
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
command-line
incident-response
malware
threat-hunting
malware-analysis
malware-detection
fcl
file-less
-
Updated
Apr 8, 2021
Open
Feedback
1
antonmalae
commented
Nov 15, 2018
I think that you are doing a very necessary system and your idea is cool, but at the moment it has a lot of bugs. From what I noticed, the assets do not understand the ascii characters and the system crashes. In addition, I did not find a description of the API, I would like to integrate your system into TheHive, or rather make it possible to view information about an asset in TheHive. I believe t
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
security
django
reactjs
incident-response
cybersecurity
nltk
threat-hunting
watcher
misp
thehive
searx
tlsh
threat-intelligence
rss-bridge
thehive4py
threat-detection
nltk-python
dnstwist
pymisp
python-tlsh
-
Updated
Jun 4, 2021 - Python
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
incident-response
python3
threat-hunting
windows-eventlog
forensic-analysis
purpleteam
windows-event-logs
apt-attacks
-
Updated
Apr 30, 2021 - Python
A framework for continuous OSINT based threat hunting
-
Updated
Jun 5, 2021 - HTML
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
-
Updated
May 17, 2021 - PowerShell
Improve this page
Add a description, image, and links to the threat-hunting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the threat-hunting topic, visit your repo's landing page and select "manage topics."
Problem in MISP/app/Lib/Export/NidsExport.php /
causes there are two rows in beggening of all rules regarding email. Bug is in row 161