# threat-hunting
Here are 323 public repositories matching this topic...
- Sysmon configuration file template with default high-quality event tracing. Updated Feb 21, 2022.
- Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation. Topics: dns, osint, scanner, phishing, domains, fuzzing, threat-hunting, typosquatting, threat-intelligence, homograph-attack, idn. Updated Mar 2, 2022 (Python).
- The Hunting ELK. Topics: docker, elasticsearch, kibana, logstash, spark, jupyter-notebook, elk, threat-hunting, dockerhub, elastic, hunting, elk-stack, hunting-platforms. Updated May 12, 2021 (Jupyter Notebook).
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. Updated Feb 19, 2022 (Python).
- Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale. Topics: python, ioc, enrichment, osint, incident-response, observable, free-software, threat-hunting, malware-analyzer, malware-analysis, threatintel, hacktoberfest, security-tools, threat-intelligence, honeynet, cyber-threat-intelligence, osint-python, intel-owl. Updated Apr 8, 2022 (Python).
- A curated list of awesome threat detection and hunting resources. Updated Mar 7, 2022.
- A curated list of awesome YARA rules, tools, and people. Topics: ioc, awesome, awesome-list, threat-hunting, malware-analysis, malware-research, yara, yara-rules, malware-detection, yara-manager, yara-signatures, malware-rules, yara-scanner, awesome-yara. Updated Mar 17, 2022.
kingk789 commented Feb 3, 2020:

> I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks.
- Signature base for my scanner tools. Updated Apr 1, 2022 (YARA).
- Windows Events Attack Samples. Updated Feb 19, 2022 (HTML).
- Real-time HTTP Intrusion Detection. Topics: go, golang, log, logs, threat, ids, intrusion-detection, threat-hunting, iocs, log-analyzer, intrusion, intrusion-detection-system, threat-intelligence, threat-analyzer, analyze-logs, threat-rules. Updated Apr 3, 2022 (Go).
- Your Everyday Threat Intelligence. Updated Mar 21, 2022 (Python).
- Utilities for Sysmon. Topics: windows, monitoring, logging, sysmon, threat-hunting, threatintel, netsec, sysinternals, threat-intelligence. Updated Aug 11, 2021.
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. Updated Mar 15, 2022 (Python).
- An Active Defense and EDR software to empower Blue Teams. Updated Feb 23, 2022 (C++).
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts. Updated Nov 18, 2021.
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK. Topics: azure, detection, logging, cybersecurity, sysmon, threat-hunting, siem, security-tools, blue-team, mitre-attack, workbooks, sysmon-config, terraform-azure, kql, azure-sentinel. Updated Apr 27, 2021 (HCL).
- Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. Updated Apr 7, 2022 (YARA).
- A Linux Auditd rule set mapped to MITRE's Attack Framework. Updated Jul 8, 2020.
- APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity. Topics: incident-response, python3, threat-hunting, windows-eventlog, forensic-analysis, purpleteam, windows-event-logs, apt-attacks. Updated Feb 9, 2022 (Python).
- Kaspersky's GReAT KLara. Updated May 20, 2021 (PHP).
- A collection of resources for Threat Hunters, sponsored by Falcon Guard. Updated Feb 4, 2022 (Python).
- Watcher: Open Source Cybersecurity Threat Hunting Platform, developed with Django & React JS. Topics: security, django, osint, reactjs, incident-response, cybersecurity, nltk, certificate-transparency, threat-hunting, watcher, misp, thehive, searx, threat-intelligence, rss-bridge, thehive4py, certstream, threat-detection, dnstwist, pymisp. Updated Apr 1, 2022 (Python).
- Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing. Topics: graylog, logging, dfir, sysmon, threat-hunting, threat-sharing, threatintel, netsec, sysinternals, graylog-plugin, threat-analysis, threat-intelligence, mitre-attack. Updated Feb 20, 2019 (Batchfile).
- A tool for OSINT-based threat hunting. Updated Apr 3, 2022 (HTML).
- Extract and aggregate threat intelligence. Topics: ioc, osint, dfir, threat-hunting, malware-research, misp, threat-sharing, threatintel, yara, threat-analysis, fraud-detection, intelligence-gathering, security-tools, threat-intelligence, soar, indicators-of-compromise, threat-feeds, threat-intelligence-platform. Updated Aug 3, 2021 (Python).
- A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365. Topics: azure, incident-response, dfir, cybersecurity, threat-hunting, digital-forensics, threathunting, cloud-forensics, azure-forensics, azuresearcher, azforensics, unifiedauditlog, powershellv5. Updated Jan 22, 2022 (PowerShell).
Problem in MISP/app/Lib/Export/NidsExport.php: it causes there to be two rows at the beginning of all rules regarding email. Bug is in row 161.