threat-hunting

There are 139 repositories under threat-hunting topic.

• MISP / MISP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  mispthreat-sharingthreat-huntingthreatintelmalware-analysisstixinformation-exchangefraud-managementsecuritycticybersecurityfraud-detectionfraud-preventionthreat-analysisinformation-securityinformation-sharingthreat-intelligencethreat-intelligence-platformintelligencethreat-intel
  Language:PHP 4970

• SwiftOnSecurity / sysmon-config

  Sysmon configuration file template with default high-quality event tracing

  sysmonthreatintelthreat-huntingsysinternalswindowsnetsecmonitoringlogging
  4564

• elceef / dnstwist

  Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

  dnsdomainsfuzzinghomoglyphhomograph-attackidnosintphishingscannerthreat-huntingthreat-intelligencetyposquatting
  Language:Python 4521

• OISF / suricata

  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

  cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
  Language:C 4030

• OTRF / ThreatHunter-Playbook

  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  dfirhunterhuntinghunting-campaignshypothesismitremitre-attack-dbsysmonthreat-hunting
  Language:Python 3860

• Cyb3rWard0g / HELK

  The Hunting ELK

  huntingelasticsearchkibanalogstashhunting-platformselkelk-stackelasticdockerjupyter-notebookthreat-huntingsparkdockerhub
  Language:Jupyter Notebook 3692

• 0x4D31 / awesome-threat-detection

  ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  awesomeawesome-listdetectionincident-responsesecuritythreat-detectionthreat-hunting
  3327

• InQuest / awesome-yara

  A curated list of awesome YARA rules, tools, and people.

  awesomeawesome-listawesome-yaraiocmalware-analysismalware-detectionmalware-researchmalware-rulesthreat-huntingyarayara-manageryara-rulesyara-scanneryara-signatures
  3245
• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  cyber-securitycyber-threat-intelligencecybersecuritydfirenrichmenthacktoberfesthoneynetincident-responseintel-owliocmalware-analysismalware-analyzerosintosint-pythonpythonsecurity-toolsthreat-huntingthreat-intelligencethreathuntingthreatintel
  Language:Python 3103
• teler

  kitabisa / teler

  Real-time HTTP Intrusion Detection

  analyze-logsgogolangidsintrusionintrusion-detectionintrusion-detection-systemiocsloglog-analyzerlogsthreatthreat-analyzerthreat-huntingthreat-intelligencethreat-rules
  Language:Go 2965

• Security-Onion-Solutions / securityonion

  Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

  case-managementcyber-securityendpoint-securityinformation-securityintrusion-detection-systemmonitoringnetwork-securitysecuritysecurity-toolsthreat-hunting
  Language:Shell 2820

• alexandreborges / malwoverview

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  alienvaultcybersecuritymalpediamalsharemalwaremalware-analysismalwarebazaarthreat-huntingthreatfoxthreathuntingthreatintelligencetriageurlhausvirustotal
  Language:Python 2701

• WithSecureLabs / chainsaw

  Rapidly Search and Hunt through Windows Forensic Artefacts

  attackrustsecuritythreat-huntingblueteamchainsawdetectiondfirforensicslogssigmawindowscountercept
  Language:Rust 2541

• olafhartong / sysmon-modular

  A repository of sysmon configuration modules

  sysmondfirthreat-huntingmitre-attackmodularsecurity-tools
  Language:PowerShell 2485

• Neo23x0 / signature-base

  YARA signature and IOC database for my scanners and tools

  anti-virusdfirhashiocscannersignaturethreat-huntingthreat-intelligenceyarayara-rules
  Language:YARA 2325

• blackorbird / APT_REPORT

  Interesting APT Report Collection And Some Special IOC

  aptcybersecuritymalwaresecuritythreat-hunting
  Language:Python 2175

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  threat-huntingevtxwindows-securitymitre-attackdetection-engineeringdatasetwinlogbeatdfir
  Language:HTML 2126

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  dfirthreathuntingwindowseventlogsrustsigmadetectionattackforensicsincidentresponsehayabusayamatosecuritycybersecurityincident-responsesecurity-automationthreat-hunting
  Language:Rust 1920

• yeti-platform / yeti

  Your Everyday Threat Intelligence

  dfirenrichmentinfosecintelligencethreat-huntingthreat-sharingthreatintel
  Language:Python 1625

• nshalabi / SysmonTools

  Utilities for Sysmon

  loggingmonitoringnetsecsysinternalssysmonthreat-huntingthreat-intelligencethreatintelwindows
  1445

• osintbrazuca / osint-brazuca

  Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

  brasilhackingosintthreat-huntingthreat-intelligencethreatintel
  1357
• matano

  matanolabs / matano

  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

  awscloudsecuritybig-dataserverlessapache-iceberglog-analyticslog-managementthreat-huntingrustalertingcloud-nativeaws-securitycloud-securitycybersecuritysecopssecurity-toolsdfirdetection-engineeringsiem
  Language:Rust 1353
• beagle

  yampelo / beagle

  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

  securitydigital-forensicsincident-responsegraphdfirforensic-analysisthreat-hunting
  Language:Python 1259

• deepfence / YaraHunter

  🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  devsecopsdevsecops-best-practicesdevsecops-pipelineiocmalwarethreat-huntingyarayara-scannerci-cdhacktoberfest
  Language:Go 1229
• BLUESPAWN

  ION28 / BLUESPAWN

  An Active Defense and EDR software to empower Blue Teams

  active-defenseanti-virusblue-teamedrmitre-attacksecuritysecurity-toolsthreat-huntingwindows
  Language:C++ 1206

• StamusNetworks / SELKS

  A Suricata based IDS/IPS/NSM distro

  suricatanetworksecuritymonitoringmanagementidsipslinuxdistributionsecurity-monitoringthreat-huntingnetwork-intrusion-detectionnetwork-securityguiuser-interface
  Language:Shell 1168

• ahmedkhlief / APT-Hunter

  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

  apt-attacksforensic-analysisincident-responsepurpleteampython3threat-huntingwindows-event-logswindows-eventlog
  Language:Python 1144

• olafhartong / ThreatHunting

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  splunkmitre-attackthreat-huntingdfir
  1103

• 0xrawsec / whids

  Open Source EDR for Windows

  dfirthreat-huntingwindowsidssysmonedr
  Language:Go 1048
• sentinel-attack

  netevert / sentinel-attack

  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

  siemthreat-huntingazure-sentinelmitre-attacksysmonsysmon-configazureblue-teamcybersecurityloggingsecurity-toolsdetectionkqlworkbooksterraform-azure
  Language:HCL 1037

• Bert-JanP / Hunting-Queries-Detection-Rules

  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  azuredefender-for-endpointdfirkqlsentinelthreat-huntingvulnerability-managementzero-dayblueteamcybersecuritymdemdiinfosecsecuritymisp
  Language:Python 994

• curated-intel / Ukraine-Cyber-Operations

  Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

  ukraineosintctithreat-intelligenceiocsthreat-huntingyaramalware
  Language:YARA 909

• alvin-tosh / Malware-Exhibit

  🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

  aptcryptographycybersecurityencryption-decryptionethical-hackinginfoseckeyloggermalwaremalware-analysismalware-researchnotpetya-malwarepetyaransomwarespywarestealer-windowsthreat-huntingthreat-intelligencetrojanviruswannacry-ransomware
  Language:Assembly 900

• osintbrazuca / osint-brazuca-regex

  Repositório criado com intuito de reunir expressões regulares dentro do contexto Brasil

  brasilbrazilhackingosintregexthreat-huntingthreat-intelligence
  890

• ninoseki / mihari

  A query aggregator for OSINT based threat hunting

  threat-huntingthreat-intelligenceosint
  Language:Ruby 818
• Watcher

  thalesgroup-cert / Watcher

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

  certificate-transparencycertstreamcybersecuritydjangoincident-responsemispmonitoringnltkosintosint-pythonphishingreactjsrss-bridgesecuritythehivethreat-detectionthreat-huntingthreat-intelligencewatcherwebapp
  Language:Python 793