Whids - Open Source EDR for Windows
Stars: ✭ 188 (-93.47%)
TA-Sysmon-deploy - Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-98.92%)
ir scripts - Incident response scripts
Stars: ✭ 17 (-99.41%)
Sysmon Modular - A repository of sysmon configuration modules
Stars: ✭ 1,229 (-57.31%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-92.22%)
Oriana - Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-94.72%)
Threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (-74.37%)
Sentinel Attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (-76.52%)
Slides - Misc Threat Hunting Resources
Stars: ✭ 203 (-92.95%)
Helk - The Hunting ELK
Stars: ✭ 3,097 (+7.57%)
SysmonResources - Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Stars: ✭ 64 (-97.78%)
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (-66.1%)
fastfinder - Incident Response - Fast suspicious file finder
Stars: ✭ 116 (-95.97%)
Threatpinchlookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-91.07%)
Detectionlabelk - DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (-90.52%)
Detectionlab - Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+12.43%)
Threatingestor - Extract and aggregate threat intelligence.
Stars: ✭ 439 (-84.75%)
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (-84.65%)
rhq - Recon Hunt Queries
Stars: ✭ 66 (-97.71%)
Attackdatamap - A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-90.83%)
Sysmon Config - Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+14.17%)
Malwless - Test Blue Team detections without running any attack.
Stars: ✭ 215 (-92.53%)
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-96.8%)
Mthc - All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-95.35%)
Yeti - Your Everyday Threat Intelligence
Stars: ✭ 1,037 (-63.98%)
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (-68.46%)
SWELF - Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-99.2%)
Security Onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+2.67%)
Signature Base - Signature base for my scanner tools
Stars: ✭ 1,212 (-57.9%)
Threathunting - Tools for hunting for threats.
Stars: ✭ 153 (-94.69%)
Linuxforensics - Everything related to Linux Forensics
Stars: ✭ 189 (-93.44%)
Bearded Avenger - CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (-94.72%)
Werdlists - ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (-92.5%)
Opensquat - Detection of phishing domains and domain squatting. Supports permutations such as homograph attacks, typosquatting and bitsquatting.
Stars: ✭ 149 (-94.82%)
Intelowl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (-26.57%)
Attack monitor - Endpoint detection & Malware analysis software
Stars: ✭ 186 (-93.54%)
Thehive4py - Python API Client for TheHive
Stars: ✭ 143 (-95.03%)
Threatbus - 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (-95.17%)
Hfish - A secure, reliable, simple and free enterprise-grade honeypot
Stars: ✭ 2,977 (+3.4%)
Windowsspyblocker - WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.
Stars: ✭ 2,913 (+1.18%)
Misp Warninglists - Warning lists to inform users of MISP about potential false positives or other information in indicators
Stars: ✭ 184 (-93.61%)
Logontracer - Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914 (-33.52%)
H - Annotate with anyone, anywhere.
Stars: ✭ 2,271 (-21.12%)
Windows event logging - Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Stars: ✭ 128 (-95.55%)
Timesketch - Collaborative forensic timeline analysis
Stars: ✭ 1,795 (-37.65%)
Yara Rules - A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (-92.84%)
Weffles - Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (-93.89%)
Cirtkit - Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (-95.94%)
Threathunting Spl - Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-95.94%)
Phishingkithunter - Find phishing kits which use your brand/organization's files and images.
Stars: ✭ 177 (-93.85%)
Cacador - Indicator Extractor
Stars: ✭ 115 (-96.01%)
Caldera - Automated Adversary Emulation Platform
Stars: ✭ 3,126 (+8.58%)
Userline - Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (-92.32%)
Pcap Attack - PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-93.92%)