114 Open source projects that are alternatives of or similar to Hunting Mindmaps

My personal experience in Threat Hunting and knowledge gained so far.

Threat Hunting queries for various attacks

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Repository with Sample KQL Query examples for Threat Hunting

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Extract and aggregate threat intelligence.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

A scanner for taking basic fingerprints

Searches online paste sites for certain search terms which can indicate a possible data breach.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Kaspersky's GReAT KLara

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

incident response scripts

Explore Indicators of Compromise Automatically

Python bindings for Yeti's API

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Threat hunting Web Windows AD linux ATT&CK TTPs

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

A simple threat hunting tool based on osquery, Salt Open and Cymon API

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Pushes Sysmon Configs

A Linux Auditd rule set mapped to MITRE's Attack Framework

Recon Hunt Queries

Real-time Packet Observation Tool

Lightweight File Integrity Monitoring Tool

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

enpoint detection / live analysis & sandbox host / signatures quality test

Signature base for my scanner tools

Leverage Sophos Central API

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Threat research and reporting from IronNet's Threat Research Teams

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Incident Response - Fast suspicious file finder

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Windows Events Attack Samples

Repository for threat hunting and detection queries, tools, etc.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Threat Detection & Anomaly Detection rules for popular open-source components

Utilities for Sysmon

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Clusters and elements to attach to MISP events or attributes (like threat actors)

The Ultimate OSINT and Threat Hunting Framework

Bringing you the best of the worst files on the Internet.

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Sysmon configuration file template with default high-quality event tracing

Random hunting ordiented yara rules

An Active Defense and EDR software to empower Blue Teams

The Hunting ELK

Real-time HTTP Intrusion Detection

A repository of sysmon configuration modules

Your Everyday Threat Intelligence

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation