Awesome Open Source
Search results for threat hunting
260 search results found
Misp
⭐
4,835
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Sysmon Config
⭐
4,512
Sysmon configuration file template with default high-quality event tracing
Dnstwist
⭐
4,285
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Threathunter Playbook
⭐
3,826
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Suricata
⭐
3,738
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Helk
⭐
3,633
The Hunting ELK
Awesome Threat Detection
⭐
3,331
✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️
Awesome Yara
⭐
3,095
A curated list of awesome YARA rules, tools, and people.
Intelowl
⭐
2,995
IntelOwl: manage your Threat Intelligence at scale
Securityonion
⭐
2,589
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Teler
⭐
2,577
Real-time HTTP Intrusion Detection
Chainsaw
⭐
2,519
Rapidly Search and Hunt through Windows Forensic Artefacts
Malwoverview
⭐
2,492
Malwoverview is a first-response tool used for threat hunting that offers intel information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, MalwareBazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VirusTotal.
Sysmon Modular
⭐
2,364
A repository of sysmon configuration modules
Signature Base
⭐
2,187
YARA signature and IOC database for my scanners and tools
Evtx Attack Samples
⭐
2,124
Windows Events Attack Samples
Apt_report
⭐
2,078
Interesting APT Report Collection And Some Special IOC
Hayabusa
⭐
1,800
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Yeti
⭐
1,568
Your Everyday Threat Intelligence
Sysmontools
⭐
1,405
Utilities for Sysmon
Matano
⭐
1,259
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Yarahunter
⭐
1,225
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
Beagle
⭐
1,171
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Threatpursuit Vm
⭐
1,161
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
Selks
⭐
1,120
A Suricata based IDS/IPS/NSM distro
Osint Brazuca
⭐
1,100
Repository created to gather OSINT information, sources (websites/portals) and tricks in the Brazilian context.
Threathunting
⭐
1,088
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Apt Hunter
⭐
1,045
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.
Sentinel Attack
⭐
1,038
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Cyber Security
⭐
1,000
My cyber security tools
Whids
⭐
921
Open Source EDR for Windows
Bluespawn
⭐
912
An Active Defense and EDR software to empower Blue Teams
Ukraine Cyber Operations
⭐
891
Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.
Hunting Queries Detection Rules
⭐
865
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Malware Exhibit
⭐
857
🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
Osint Brazuca Regex
⭐
841
Repository created to gather regular expressions in the Brazilian context.
Mihari
⭐
803
A query aggregator for OSINT based threat hunting
Watcher
⭐
795
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Cyberthreathunting
⭐
755
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Atomic Threat Coverage
⭐
740
Actionable analytics designed to combat threats
Threatingestor
⭐
730
Extract and aggregate threat intelligence.
Klara
⭐
630
Kaspersky's GReAT KLara
Azurehunter
⭐
626
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
Fatt
⭐
622
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Tenzir
⭐
608
Open source security data pipelines.
Patrowlmanager
⭐
598
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Chameleon
⭐
593
19 customizable honeypots for monitoring network traffic, bot activity and username/password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
Stalkphish
⭐
581
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Opensquat
⭐
576
The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis.
Scirius
⭐
552
Scirius is a web application for Suricata ruleset management and threat hunting.
Auditd Attack
⭐
533
A Linux Auditd rule set mapped to MITRE's Attack Framework
Sysmon Config
⭐
529
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Threat Hunting And Detection
⭐
509
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Threathunting
⭐
495
Tools for hunting for threats.
Siem
⭐
489
SIEM Tactics, Techniques, and Procedures
Osquery Defense Kit
⭐
485
Production-ready detection & response queries for osquery
Misp Galaxy
⭐
455
Clusters and elements to attach to MISP events or attributes (like threat actors)
Scrummage
⭐
448
The Ultimate OSINT and Threat Hunting Framework
Eventlogging
⭐
438
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Mdatp
⭐
429
Microsoft Defender XDR - Resource Hub
Fcl
⭐
411
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Meerkat
⭐
407
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Open Source Threat Intel Feeds
⭐
403
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
Adaz
⭐
391
🔧 Deploy customizable Active Directory labs in Azure - automatically.
C2intelfeeds
⭐
390
Automatically created C2 Feeds
Evtx To Mitre Attack
⭐
370
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.
Rmeye
⭐
350
戎码之眼 (Rongma Eye) is a Windows threat monitoring tool based on the ATT&CK model that effectively detects common unknown and known threats.
Kql
⭐
326
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
Owlyshield
⭐
301
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Detectionlabelk
⭐
299
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Werdlists
⭐
296
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Kql Threat Hunting Queries
⭐
287
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Soc Multitool
⭐
286
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
Securityresearcher Note
⭐
280
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
Attackdatamap
⭐
279
A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Yara Rules
⭐
277
Collection of private Yara rules.
Openuba
⭐
264
A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Kunai
⭐
261
Threat-hunting tool for Linux
Yara Rules
⭐
261
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Kestrel Lang
⭐
258
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Threathunting Keywords
⭐
252
Awesome list of keywords for Threat Hunting sessions
Patrowlengines
⭐
240
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Threatbus
⭐
239
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
Osweep
⭐
237
Don't Just Search OSINT. Sweep It.
Threatpinchlookup
⭐
236
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Hednsextractor
⭐
234
A suite for hunting suspicious targets, expose domains and phishing discovery
Sigma Detection Rules
⭐
229
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques
Malware Database
⭐
226
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Adama
⭐
226
Searches For Threat Hunting and Security Analytics
C2 Tracker
⭐
225
Live Feed of C2 servers, tools, and botnets
Microsoft Sentinel Secops
⭐
211
Microsoft Sentinel SOC Operations
Stix Shifter
⭐
204
This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.
Ee Outliers
⭐
204
Open-source framework to detect outliers in Elasticsearch events
Sublime Rules
⭐
198
Sublime rules for email attack detection, prevention, and threat hunting.
Epagneul
⭐
180
Graph visualization for Windows event logs
Bearded Avenger
⭐
176
CIF v3 -- the fastest way to consume threat intelligence
Mindmaps
⭐
172
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Fennec
⭐
170
Artifact collection tool for *nix systems
Litmus_test
⭐
168
Detecting ATT&CK techniques & tactics for Linux
Phishingkithunter
⭐
157
Find phishing kits which use your brand/organization's files and image.
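Several entries above (Dnstwist, Opensquat, Hednsextractor) describe the same hunting primitive: generate look-alike permutations of a brand domain and compare them against newly registered or observed domains. The block below is an added example written for this page, not code from dnstwist or openSquat. The homoglyph and keyboard tables, the TLD list and the NEW_DOMAINS feed are constructed for illustration, and it runs fully offline (no DNS or WHOIS lookups, which the real tools add on top of this step).

```python
"""Domain-permutation hunting in the spirit of dnstwist and openSquat.

Added example, not code from either project. Generates look-alike candidates
for a brand domain, then checks a constructed list of "newly registered"
domains against them, offline (no DNS, no WHOIS).
"""
from __future__ import annotations

# Confusable substitutions (constructed, deliberately small).
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"], "d": ["cl"],
}
BIGRAM_GLYPHS = {"rn": "m", "vv": "w", "cl": "d"}
# QWERTY neighbours for fat-finger replacements and insertions (constructed subset).
KEYBOARD = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "o": "iplk", "s": "awedxz",
    "l": "kop", "m": "njk", "p": "ol", "x": "zsdc", "n": "bhjm",
}
TLDS = ["com", "net", "org", "co", "io"]
TECHNIQUES = ("omission", "transposition", "replacement", "insertion",
              "homoglyph", "hyphenation", "addition", "tld-swap")


def split_domain(domain: str) -> tuple[str, str]:
    """'example.com' -> ('example', 'com'); only the last label counts as the TLD here."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def permutations(domain: str) -> dict[str, set[str]]:
    """Return {technique: {candidate domain, ...}} for one brand domain."""
    name, tld = split_domain(domain)
    out: dict[str, set[str]] = {t: set() for t in TECHNIQUES}
    for i, ch in enumerate(name):
        out["omission"].add(name[:i] + name[i + 1:])
        for alt in KEYBOARD.get(ch, ""):
            out["replacement"].add(name[:i] + alt + name[i + 1:])
            out["insertion"].add(name[:i] + alt + name[i:])
        for glyph in HOMOGLYPHS.get(ch, []):
            out["homoglyph"].add(name[:i] + glyph + name[i + 1:])
        if i > 0:
            out["hyphenation"].add(name[:i] + "-" + name[i:])
    for i in range(len(name) - 1):
        out["transposition"].add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
        pair = name[i:i + 2]  # two-letter sequences that read as one glyph
        if pair in BIGRAM_GLYPHS:
            out["homoglyph"].add(name[:i] + BIGRAM_GLYPHS[pair] + name[i + 2:])
    for c in "abcdefghijklmnopqrstuvwxyz0123456789":
        out["addition"].add(name + c)
    result = {t: {f"{n}.{tld}" for n in cands if n and n != name}
              for t, cands in out.items()}
    result["tld-swap"] = {f"{name}.{t}" for t in TLDS if t != tld}
    return result


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; a fallback for variants the generators do not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hunt(brand: str, candidates: list[str], max_distance: int = 1) -> list[tuple[str, str]]:
    """Return (domain, technique) for every candidate that looks like the brand."""
    lookup = {c: t for t, cands in permutations(brand).items() for c in cands}
    brand_name, _ = split_domain(brand)
    hits: list[tuple[str, str]] = []
    for d in (c.lower() for c in candidates):
        name, _ = split_domain(d)
        if d == brand.lower():
            continue
        if d in lookup:
            hits.append((d, lookup[d]))
        elif brand_name in name:  # e.g. example-login.com
            hits.append((d, "containment"))
        elif levenshtein(name, brand_name) <= max_distance:
            hits.append((d, f"edit-distance<={max_distance}"))
    return hits


# Constructed sample feed standing in for one day's new registrations (not real data).
NEW_DOMAINS = [
    "example.com", "exarnple.com", "examp1e.com", "exmaple.com",
    "example-login.com", "example.co", "exumple.com", "unrelated-shop.net",
]

if __name__ == "__main__":
    for domain, technique in hunt("example.com", NEW_DOMAINS):
        print(f"{domain:24} {technique}")
```

The generated set is checked first so that each hit carries the technique that produced it; containment and edit distance are deliberately last, because they are broader and would otherwise swallow the more specific labels. Against a real feed the next step is resolving each hit (A/MX records, certificate transparency) to separate parked noise from live infrastructure, which is what the listed tools do and this example does not.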
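Hayabusa, Chainsaw, the Sigma Detection Rules set and the EVTX sample collections listed above all revolve around one workflow: run Sigma rules mapped to ATT&CK techniques over Windows event logs and produce a timeline of hits. The block below is an added example showing that matching step in miniature; it is not code from Hayabusa, Chainsaw or the Sigma project. The rules are Python dicts in the shape of Sigma YAML (a selection map, an optional filter, a condition string, `attack.*` tags), the field modifiers cover `contains`, `startswith`, `endswith` and `all`, and EVENTS is a constructed sample in the flattened EventID + EventData form that EVTX converters emit, not a real capture.

```python
"""Sigma-style rule matching over Windows event records (added example; not code
from Hayabusa, Chainsaw or the Sigma project). RULES are dicts in the shape of
Sigma YAML; EVENTS is a constructed sample in the flattened EventID + EventData
form that EVTX converters emit, not a real capture."""
from __future__ import annotations
import re

RULES = [
    {"title": "Encoded PowerShell command line",
     "tags": ["attack.execution", "attack.t1059.001"],
     "detection": {
         "selection": {"EventID": 1,  # Sysmon process creation
                       "Image|endswith": "\\powershell.exe",
                       "CommandLine|contains": [" -enc ", " -encodedcommand "]},
         "condition": "selection"}},
    {"title": "LSASS memory access from unexpected process",
     "tags": ["attack.credential_access", "attack.t1003.001"],
     "detection": {
         "selection": {"EventID": 10,  # Sysmon process access
                       "TargetImage|endswith": "\\lsass.exe",
                       "GrantedAccess|contains": ["0x1010", "0x1410", "0x1fffff"]},
         "filter": {"SourceImage|endswith": ["\\MsMpEng.exe", "\\csrss.exe"]},
         "condition": "selection and not filter"}},
]

# Constructed events (not real logs); field names follow Sysmon EventData.
EVENTS = [
    {"TimeCreated": "2024-03-01T10:00:01Z", "Computer": "WS01", "EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"TimeCreated": "2024-03-01T09:59:30Z", "Computer": "WS01", "EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"TimeCreated": "2024-03-01T10:00:05Z", "Computer": "WS01", "EventID": 10,
     "SourceImage": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\MsMpEng.exe",
     "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1010"},
    {"TimeCreated": "2024-03-01T10:00:07Z", "Computer": "WS01", "EventID": 10,
     "SourceImage": "C:\\Users\\Public\\procdump64.exe",
     "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1FFFFF"},
]


def _match_value(actual, expected, modifiers: list[str]) -> bool:
    """Sigma string matching is case-insensitive; the modifier picks the comparison."""
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "endswith" in modifiers:
        return a.endswith(e)
    if "startswith" in modifiers:
        return a.startswith(e)
    return a == e


def _match_field(event: dict, key: str, expected) -> bool:
    """'Field|mod': list values are OR-ed unless the 'all' modifier is present."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    values = expected if isinstance(expected, list) else [expected]
    results = [_match_value(event[field], v, modifiers) for v in values]
    return all(results) if "all" in modifiers else any(results)


def _match_selection(event: dict, selection: dict) -> bool:
    """Every key inside one selection map must match (AND)."""
    return all(_match_field(event, k, v) for k, v in selection.items())


def _eval_condition(cond: str, truth: dict[str, bool]) -> bool:
    """Evaluate 'a and not b', '(a or b) and c', ... with not > and > or precedence."""
    tokens, pos = re.findall(r"\(|\)|\w+", cond.lower()), 0

    def atom() -> bool:
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok == "not":
            return not atom()
        if tok == "(":
            value = or_expr()
            pos += 1  # consume ')'
            return value
        return truth[tok]

    def and_expr() -> bool:
        nonlocal pos
        value = atom()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = atom() and value  # atom() first so its tokens are always consumed
        return value

    def or_expr() -> bool:
        nonlocal pos
        value = and_expr()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = and_expr() or value
        return value

    return or_expr()


def hunt(events: list[dict], rules: list[dict]) -> list[dict]:
    """Run every rule over every event; return a timeline sorted by event time."""
    hits = []
    for ev in events:
        for rule in rules:
            det = rule["detection"]
            truth = {n.lower(): _match_selection(ev, s) for n, s in det.items() if n != "condition"}
            if _eval_condition(det["condition"], truth):
                hits.append({"timestamp": ev["TimeCreated"], "computer": ev["Computer"],
                             "rule": rule["title"],
                             "techniques": [t[7:].upper() for t in rule["tags"] if t.startswith("attack.t")]})
    return sorted(hits, key=lambda h: h["timestamp"])
```

Calling `hunt(EVENTS, RULES)` on the sample yields two timeline rows: the encoded PowerShell launch (T1059.001) and the procdump access to lsass.exe (T1003.001). The Defender engine's own LSASS access is suppressed by the rule's filter, and the benign `-File` invocation never matches the `-enc` selection. The two things this toy omits that the real tools handle are the logsource-to-channel mapping and the many other Sigma modifiers (`re`, `cidr`, `base64offset`), so treat it as a reading aid for the rule sets above rather than a scanner.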
1-100 of 260 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.