285 Open source projects that are alternatives of or similar to Whids

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Deploy and maintain Symon through the Splunk Deployment Sever

incident response scripts

A repository of sysmon configuration modules

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Automate the creation of a lab environment complete with security tooling and logging best practices

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Misc Threat Hunting Resources

Test Blue Team detections without running any attack.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Real-time HTTP Intrusion Detection

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

All-in-one bundle of MISP, TheHive and Cortex

Recon Hunt Queries

Signature base for my scanner tools

Sysmon configuration file template with default high-quality event tracing

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

🚌 The missing link to connect open-source threat intelligence tools.

Pushes Sysmon Configs

Windows Events Attack Samples

Incident Response - Fast suspicious file finder

Generic Signature Format for SIEM Systems

Extract and aggregate threat intelligence.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Utilities for Sysmon

Your Everyday Threat Intelligence

Tools for the Computer Incident Response Team 💻

SIEM Tactics, Techiques, and Procedures

Splunk code (SPL) useful for serious threat hunters.

Indicator Extractor

Imago is a python tool that extract digital evidences from images.

Tools for hunting for threats.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

A curated list of awesome threat detection and hunting resources

CIF v3 -- the fastest way to consume threat intelligence

Invoke-LiveResponse

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Open-source framework to detect outliers in Elasticsearch events

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A toolkit for Security Researchers

A port of Kaitai to the Hiew hex editor

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A curated list of awesome forensic analysis tools and resources

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

A curated list of awesome YARA rules, tools, and people.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Python API Client for TheHive

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Endpoint detection & Malware analysis software

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Neutering Sysmon via driver unload

The tool for updating your Suricata rules.

PatrowlHears - Vulnerability Intelligence Center / Exploits