Threathunter Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Threathunter Playbook | 3,497 | 8 days ago | 5 | mit | Python | |||||
| A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. | ||||||||||
| Hayabusa | 1,266 | 5 days ago | 29 | gpl-3.0 | Rust | |||||
| Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. | ||||||||||
| Cyberthreathunting | 716 | 8 days ago | gpl-3.0 | Python | ||||||
| A collection of resources for Threat Hunters - Sponsored by Falcon Guard | ||||||||||
| Wela | 494 | 4 months ago | 10 | gpl-3.0 | PowerShell | |||||
| WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) | ||||||||||
| Oriana | 136 | 4 years ago | 1 | bsd-3-clause | Python | |||||
| Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. | ||||||||||
| Threathunt | 70 | 4 years ago | 2 | mit | PowerShell | |||||
| ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills. | ||||||||||
| Threathunter Playbook | 11 | 6 years ago | mit | |||||||
| Threathunting_with_osquery | 11 | 2 years ago | ||||||||
| Threat Hunting & Incident Investigation with Osquery | ||||||||||
| Forensibus | 3 | 10 days ago | gpl-3.0 | Go | ||||||
| Digital forensics and incident response ETL | ||||||||||
| Cybersecurity Playground | 1 | 3 years ago | ||||||||
| CyberSecurity Resources (Threat Intelligence, Malware Analysis, Pentesting, DFIR, etc) | ||||||||||
Alternatives To Threathunter PlaybookSelect To Compare
Alternative Project Comparisons
Readme
The Threat Hunter Playbook
The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.
Docs: https://threathunterplaybook.com/
Goals
- Expedite the development of techniques an hypothesis for hunting campaigns.
- Help security researchers understand patterns of behavior observed during post-exploitation.
- Share resources to validate analytics locally or remotely through cloud computing environments for free.
- Map pre-recorded datasets to adversarial techniques.
- Accelerate infosec learning through open source resources.
Author
Roberto Rodriguez @Cyb3rWard0g
Official Committers
- Jose Luis Rodriguez @Cyb3rPandaH is adding his expertise in data science to it.
Acknowledgements
- We document and share our content via a Jupyter Book which was created by Sam Lau and Chris Holdgraf with support of the UC Berkeley Data Science Education Program and the Berkeley Institute for Data Science
Popular Hunting Projects
Popular Dfir Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Hunting
Dfir
Threat Hunting
Sysmon