333 Open source projects that are alternatives of or similar to Threathunt

incident response scripts

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

All-in-one bundle of MISP, TheHive and Cortex

Incident Response - Fast suspicious file finder

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Recon Hunt Queries

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Python API Client for Cortex

Carve file metadata from NTFS index ($I30) attributes

A repository of sysmon configuration modules

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Live system forensic collector

You didn't think I'd go and leave the blue team out, right?

Deploy and maintain Symon through the Splunk Deployment Sever

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

PS / Bash / Python / Other scripts For FUN!

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Provides various Windows Server Active Directory (AD) security-focused reports.

Trace ScriptBlock execution for powershell v2

Cortex: a Powerful Observable Analysis and Active Response Engine

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

A list of cyber-chef recipes and curated links

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Cortex Analyzers Repository

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

DFIRTrack - The Incident Response Tracking Application

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Microsoft Sentinel SOC Operations

🔮 Visibility Across Space and Time

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Signature base for my scanner tools

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Your Everyday Threat Intelligence

Docker configurations for TheHive, Cortex and 3rd party tools

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Digital Forensics Investigation Platform

Searches online paste sites for certain search terms which can indicate a possible data breach.

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Documentation of TheHive

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Explore Indicators of Compromise Automatically

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Extract and aggregate threat intelligence.

Test Blue Team detections without running any attack.

A knowledge base of actionable Incident Response techniques

Parses Windows event logs files based on SANS Poster

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity