Cyberthreathunting
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Wazuh | 6,063 | 6 hours ago | 2,400 | other | C | |||||
| Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. | ||||||||||
| Misp | 4,414 | 9 hours ago | 2,256 | agpl-3.0 | PHP | |||||
| MISP (core software) - Open Source Threat Intelligence and Sharing Platform | ||||||||||
| Opencti | 3,625 | 6 hours ago | 541 | other | JavaScript | |||||
| Open Cyber Threat Intelligence Platform | ||||||||||
| Intelowl | 2,777 | a day ago | 86 | agpl-3.0 | Python | |||||
| Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale | ||||||||||
| Malwoverview | 2,113 | 3 months ago | 35 | June 29, 2022 | 2 | gpl-3.0 | Python | |||
| Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT. | ||||||||||
| Securityonion | 1,982 | 7 hours ago | 117 | Shell | ||||||
| Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek. | ||||||||||
| Hayabusa | 1,279 | 13 hours ago | 36 | gpl-3.0 | Rust | |||||
| Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. | ||||||||||
| Adversary_emulation_library | 1,131 | 9 days ago | 19 | apache-2.0 | C | |||||
| An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. | ||||||||||
| Intelmq | 824 |  | 2 | 2 | 14 days ago | 44 | September 10, 2021 | 205 | agpl-3.0 | Python |
| IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol. | ||||||||||
| Cyberthreathunting | 716 | 15 days ago | gpl-3.0 | Python | ||||||
| A collection of resources for Threat Hunters - Sponsored by Falcon Guard | ||||||||||
Alternatives To CyberthreathuntingSelect To Compare
Alternative Project Comparisons
Readme
Cyber Threat Hunting
A collection of tools and other resources for threat hunters.
Sections
- Hunting Tools - A collection of our open source tools for hunting
- Resources - Useful resources to get started in Threat Hunting
- Must Read - Articles and blog posts covering different aspects of Threat Hunting
- Custom Scripts - Our own tools and scripts to support different types of hunts
Hunting Tools
- Facebook's osquery
- Google's GRR
- Logging, searching and visualization with ELK
- Back to Basics: Enhance Windows Security with Sysmon and Graylog
- Building a Sysmon Dashboard with an ELK Stack
- Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
- Advanced Threat detection Configurations for Graylog
- Elk + Osquery + Kolide Fleet = Love - Hunting with ELK, Osquery and Kolide Fleet
- Velociraptor
Resources
- MITRE ATT&CK - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- MITRE CAR - A knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) threat model.
- Threat Hunting with Bro IDS
- Automating APT Scanning with Loki Scanner and Splunk
- The ThreatHunting Project - A great collection of hunts by @DavidJBianco
- Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs
- Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
- The ThreatHunter-Playbook - Hunting by leveraging Sysmon and Windows Events logs
- Detecting Lateral Movement through Tracking Event Logs
- How to build a Threat Hunting platform using ELK Stack
- Endpoint Detection of Remote Service Creation and PsExec - Hunting for lateral movement with Event Tracing for Windows (ETW)
Must Read
- Threat Hunting:Open Season on the Adversary
- The Who, What, Where, When, Why and How of Effective Threat Hunting
- Incident Response is Dead... Long Live Incident Response
- Hunting, and Knowing What To Hunt For
- Cyber Hunting: 5 Tips To Bag Your Prey
- A Simple Hunting Maturity Model
- A Framework for Cyber Threat Hunting
- Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations
- A Guide to Cyber Threat Hunting Operations
- Inside 3 top threat hunting tools - High level overview of Sqrrl, Infocyte and EndGame
- True Threat Hunting: more than just threats and anomalies - Some valid thoughts on what's needed for an effective Threat Hunting program
Popular Threat Projects
Popular Cybersecurity Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Python
Cybersecurity
Elk
Threat
Hunting
Threat Intelligence
Dfir
Incident Response
Threat Hunting
Osquery
Sysmon