257 Open source projects that are alternatives of or similar to Threathunter Playbook

Open Source EDR for Windows

Deploy and maintain Symon through the Splunk Deployment Sever

incident response scripts

A repository of sysmon configuration modules

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Microsoft Sentinel SOC Operations

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Misc Threat Hunting Resources

A curated list of awesome threat detection and hunting resources

The Hunting ELK

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Incident Response - Fast suspicious file finder

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Automate the creation of a lab environment complete with security tooling and logging best practices

Extract and aggregate threat intelligence.

Pushes Sysmon Configs

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Recon Hunt Queries

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Sysmon configuration file template with default high-quality event tracing

Test Blue Team detections without running any attack.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

All-in-one bundle of MISP, TheHive and Cortex

Utilities for Sysmon

Your Everyday Threat Intelligence

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Signature base for my scanner tools

Windows Events Attack Samples

Tools for hunting for threats.

Everything related to Linux Forensics

CIF v3 -- the fastest way to consume threat intelligence

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Endpoint detection & Malware analysis software

Python API Client for TheHive

🚌 The missing link to connect open-source threat intelligence tools.

安全、可靠、简单、免费的企业级蜜罐

WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Annotate with anyone, anywhere.

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

Collaborative forensic timeline analysis

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Tools for the Computer Incident Response Team 💻

Splunk code (SPL) useful for serious threat hunters.

Find phishing kits which use your brand/organization's files and image.

Indicator Extractor

Automated Adversary Emulation Platform

Query and report user logons relations from MS Windows Security Events

PCAP Samples for Different Post Exploitation Techniques

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.