211 Open source projects that are alternatives of or similar to Threathunting Spl

Threat Detection & Anomaly Detection rules for popular open-source components

Pushes Sysmon Configs

Open-source framework to detect outliers in Elasticsearch events

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

SIEM Tactics, Techiques, and Procedures

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Microsoft Sentinel SOC Operations

Repository with Sample KQL Query examples for Threat Hunting

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A text/template based rules engine

A repository of sysmon configuration modules

Utilities for Sysmon

Real-time Packet Observation Tool

Real-time HTTP Intrusion Detection

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Android udev rules list aimed to be the most comprehensive on the net

Curated list of awesome cybersecurity companies and solutions.

An Active Defense and EDR software to empower Blue Teams

Free and open source log management

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

自用Clash 策略组及规则 及Subconverter 相关资源备份

The goal of this repository is to document the most common techniques to bypass AppLocker.

A Linux Auditd rule set mapped to MITRE's Attack Framework

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

Bringing you the best of the worst files on the Internet.

Kaspersky's GReAT KLara

Setup and run tests to verify Firestore security rules

Awesome Django authorization, without the database

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab

Windows Events Attack Samples

A scanner for taking basic fingerprints

A toolkit for Security Researchers

Powerful implementation of the Specification pattern in PHP

Signature base for my scanner tools

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Generic Rules engine in golang

No description, website, or topics provided.

Threat Alert Logic Repository

A curated list of awesome threat detection and hunting resources

A declarative programming framework

Explore Indicators of Compromise Automatically

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

有关于 CNBlackListR 项目的说明

A rules engine expressed in JSON

100% Java, Lambda Enabled, Lightweight Rules Engine with a Simple and Intuitive DSL

A collective list of public JSON APIs for use in security. Contributions welcome

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

A curated list of awesome YARA rules, tools, and people.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Tools to create a Native Windows Audit Collection Platform. Active Directory example provided

Node-rules is a light weight forward chaining rule engine written in JavaScript.

Chnroutes rules for routers、Shadowrocket、Quantumult、Kitsunebi、acl、BifrostV、v2rayNG、v2rayN、clash、pac、Qv2ray、v2ray config file.

Business rules language for NRules rules engine.

Stick Rules -- Quantumult X / Loon / ClashX Rules \ Quantumult back to CN Rules

Extract and aggregate threat intelligence.

PatrowlHears - Vulnerability Intelligence Center / Exploits

PostCss plugin to use CSS Custom Properties in at-rule @each, @for, @if, @else and more...