123 Open source projects that are alternatives of or similar to ps-srum-hunting

Microsoft Sentinel SOC Operations

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

A toolkit for Security Researchers

Real-time HTTP Intrusion Detection

All-in-one bundle of MISP, TheHive and Cortex

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Explore Indicators of Compromise Automatically

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Personal compilation of APT malware from whitepaper releases, documents and own research

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

This repository contains tools used by 401trg.

A curated list of awesome YARA rules, tools, and people.

🔧 Automatically deploy customizable Active Directory labs in Azure

PatrowlHears - Vulnerability Intelligence Center / Exploits

Consolidation of various resources related to Microsoft Sysmon & sample data/log

A repository of sysmon configuration modules

PCAP Samples for Different Post Exploitation Techniques

Your Everyday Threat Intelligence

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Tools for hunting for threats.

A scanner for taking basic fingerprints

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Don't Just Search OSINT. Sweep It.

🚌 The missing link to connect open-source threat intelligence tools.

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

Splunk code (SPL) useful for serious threat hunters.

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

A curated list of awesome threat detection and hunting resources

🦜 yair - a high-level compiler IR entirely written in Rust

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Misc Threat Hunting Resources

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Open Source EDR for Windows

🔍 Mindmaps for threat hunting - work in progress.

the fastest way to consume threat intelligence.

Windows Events Attack Samples

Find phishing kits which use your brand/organization's files and image.

Signature base for my scanner tools

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Bringing you the best of the worst files on the Internet.

Open-source framework to detect outliers in Elasticsearch events

Real-time Packet Observation Tool

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

SIEM Tactics, Techiques, and Procedures

Utilities for Sysmon

A helper to run OSINT queries & manage results continuously

An Active Defense and EDR software to empower Blue Teams

CIF v3 -- the fastest way to consume threat intelligence

Tracking APT IOCs

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

Deploy and maintain Symon through the Splunk Deployment Sever

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.