|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Intelowl||2,770||an hour ago||85||agpl-3.0||Python|
|Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale|
|Data||1,464||2 months ago||28|
|Yeti||1,383||a month ago||136||apache-2.0||Python|
|Your Everyday Threat Intelligence|
|Hayabusa||1,267||8 hours ago||33||gpl-3.0||Rust|
|Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.|
|Threathunting||1,032||2 months ago||20||mit|
|A Splunk app mapped to MITRE ATT&CK to guide your threat hunts|
|Cyberthreathunting||716||8 days ago||gpl-3.0||Python|
|A collection of resources for Threat Hunters - Sponsored by Falcon Guard|
|Threatingestor||676||12 days ago||10||August 18, 2020||14||gpl-2.0||Python|
|Extract and aggregate threat intelligence.|
|Wela||494||4 months ago||10||gpl-3.0||PowerShell|
|WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）|
|Thehivedocs||365||2 years ago||109||agpl-3.0|
|Documentation of TheHive|
|Oriana||136||4 years ago||1||bsd-3-clause||Python|
|Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.|
This is a Splunk application containing several dashboards and over 130 reports that will facilitate initial hunting indicators to investigate.
You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here
Note: This application is not a magic bullet, it will require tuning and real investigative work to be truly effective in your environment. Try to become best friends with your system administrators. They will be able to explain a lot of the initially discovered indicators.
Big credit goes out to MITRE for creating the ATT&CK framework!
Pull requests / issue tickets and new additions will be greatly appreciated!
I strive to map all searches to the ATT&CK framework. A current ATT&CK navigator export of all linked configurations is found here and can be viewed here
A step by step guide kindly written by Kirtar Oza can be found here
A more detailed explanation of all functions can be found here or in this blog post