Awesome list of keywords and artifacts for Threat Hunting sessions
Updated
May 27, 2024 - HTML
IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics
A repository that stores CTI Knowledge-bases in versioned STIX 2.1 Bundles.
SysFlow edge processing pipeline
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Sigma detection rules for hunting with the threathunting-keywords project
Convert Sigma Rules to different formats
An Autopsy data source ingest module for detection of IOCs in EVTX for Windows and Auditd for Linux based on SIGMA Rules.
Analyzes tags of Sigma, Yara and CSIEM rules
Python tool for analyzing Windows event logs using Sigma rules for threat detection
Threat Detection Repository - YARA / SIGMA rules
Web app that allows you to browse and explore the Sigma rules supported by uberAgent ESA's Threat Detection Engine.
Framework definitions that allow you to build a custom SIEM.
uberAgent backend for the Sigma rule converter.
Repository of Sigma Rules
OSINT script to mine and retrieve Yara and Sigma rules from Github repositories using search API
Script that organizes Sigma rules by MITRE ATT&CK tactics and techniques.
Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.