Awesome Open Source

Programming Languages

Search results for threat hunting

threat-hunting x

260 search results found

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Sysmon Config ⭐ 4,512

Sysmon configuration file template with default high-quality event tracing

Dnstwist ⭐ 4,285

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Threathunter Playbook ⭐ 3,826

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Suricata ⭐ 3,738

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

The Hunting ELK

Awesome Threat Detection ⭐ 3,331

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Awesome Yara ⭐ 3,095

A curated list of awesome YARA rules, tools, and people.

Intelowl ⭐ 2,995

IntelOwl: manage your Threat Intelligence at scale

Securityonion ⭐ 2,589

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Teler ⭐ 2,577

Real-time HTTP Intrusion Detection

Chainsaw ⭐ 2,519

Rapidly Search and Hunt through Windows Forensic Artefacts

Malwoverview ⭐ 2,492

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

Sysmon Modular ⭐ 2,364

A repository of sysmon configuration modules

Signature Base ⭐ 2,187

YARA signature and IOC database for my scanners and tools

Evtx Attack Samples ⭐ 2,124

Windows Events Attack Samples

Apt_report ⭐ 2,078

Interesting APT Report Collection And Some Special IOC

Hayabusa ⭐ 1,800

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Your Everyday Threat Intelligence

Sysmontools ⭐ 1,405

Utilities for Sysmon

Matano ⭐ 1,259

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Yarahunter ⭐ 1,225

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

Beagle ⭐ 1,171

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Threatpursuit Vm ⭐ 1,161

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

Selks ⭐ 1,120

A Suricata based IDS/IPS/NSM distro

Osint Brazuca ⭐ 1,100

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Threathunting ⭐ 1,088

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Apt Hunter ⭐ 1,045

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Sentinel Attack ⭐ 1,038

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Cyber Security ⭐ 1,000

My cyber security tools

Open Source EDR for Windows

Bluespawn ⭐ 912

An Active Defense and EDR software to empower Blue Teams

Ukraine Cyber Operations ⭐ 891

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

Hunting Queries Detection Rules ⭐ 865

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Malware Exhibit ⭐ 857

🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

Osint Brazuca Regex ⭐ 841

Repositório criado com intuito de reunir expressões regulares dentro do contexto Brasil

A query aggregator for OSINT based threat hunting

Watcher ⭐ 795

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Cyberthreathunting ⭐ 755

A collection of resources for Threat Hunters - Sponsored by Falcon Guard

Atomic Threat Coverage ⭐ 740

Actionable analytics designed to combat threats

Threatingestor ⭐ 730

Extract and aggregate threat intelligence.

Kaspersky's GReAT KLara

Azurehunter ⭐ 626

A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Open source security data pipelines.

Patrowlmanager ⭐ 598

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Chameleon ⭐ 593

19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)

Stalkphish ⭐ 581

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Opensquat ⭐ 576

The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis.

Scirius ⭐ 552

Scirius is a web application for Suricata ruleset management and threat hunting.

Auditd Attack ⭐ 533

A Linux Auditd rule set mapped to MITRE's Attack Framework

Sysmon Config ⭐ 529

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing

Threat Hunting And Detection ⭐ 509

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Threathunting ⭐ 495

Tools for hunting for threats.

SIEM Tactics, Techiques, and Procedures

Osquery Defense Kit ⭐ 485

Production-ready detection & response queries for osquery

Misp Galaxy ⭐ 455

Clusters and elements to attach to MISP events or attributes (like threat actors)

Scrummage ⭐ 448

The Ultimate OSINT and Threat Hunting Framework

Eventlogging ⭐ 438

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

Microsoft Defender XDR - Resource Hub

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Meerkat ⭐ 407

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Open Source Threat Intel Feeds ⭐ 403

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

🔧 Deploy customizable Active Directory labs in Azure - automatically.

C2intelfeeds ⭐ 390

Automatically created C2 Feeds

Evtx To Mitre Attack ⭐ 370

Set of EVTX samples (>270) mapped to MITRE Att@k tactic and techniques to measure your SIEM coverage or developed new use cases.

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Owlyshield ⭐ 301

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

Detectionlabelk ⭐ 299

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Werdlists ⭐ 296

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Kql Threat Hunting Queries ⭐ 287

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Soc Multitool ⭐ 286

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

Securityresearcher Note ⭐ 280

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Attackdatamap ⭐ 279

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Yara Rules ⭐ 277

Collection of private Yara rules.

Openuba ⭐ 264

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

Threat-hunting tool for Linux

Yara Rules ⭐ 261

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

Kestrel Lang ⭐ 258

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Threathunting Keywords ⭐ 252

Awesome list of keywords for Threat Hunting sessions

Patrowlengines ⭐ 240

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Threatbus ⭐ 239

🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

Don't Just Search OSINT. Sweep It.

Threatpinchlookup ⭐ 236

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Hednsextractor ⭐ 234

A suite for hunting suspicious targets, expose domains and phishing discovery

Sigma Detection Rules ⭐ 229

Set of SIGMA rules (>320) mapped to MITRE Att@k tactic and techniques

Malware Database ⭐ 226

A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.

Searches For Threat Hunting and Security Analytics

C2 Tracker ⭐ 225

Live Feed of C2 servers, tools, and botnets

Microsoft Sentinel Secops ⭐ 211

Microsoft Sentinel SOC Operations

Stix Shifter ⭐ 204

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

Ee Outliers ⭐ 204

Open-source framework to detect outliers in Elasticsearch events

Sublime Rules ⭐ 198

Sublime rules for email attack detection, prevention, and threat hunting.

Epagneul ⭐ 180

Graph Visualization for windows event logs

Bearded Avenger ⭐ 176

CIF v3 -- the fastest way to consume threat intelligence

Mindmaps ⭐ 172

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Artifact collection tool for *nix systems

Litmus_test ⭐ 168

Detecting ATT&CK techniques & tactics for Linux

Phishingkithunter ⭐ 157

Find phishing kits which use your brand/organization's files and image.

1-100 of 260 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.