Detect leaks in security event logs.
Lightweight Endpoint Detection & Response (EDR) Framework
Another Threat Hunting knowledge base :) based on MITRE ATT&CK Matrix
Extract logs based on Sysmon events. Comes as a package, CLI and UI.
frontend, model registry, model search, and model marketplace for OpenUBA
Library of threat hunts to get any user started!
Pull your DS rules and build an ATT&CK matrix
Detecting ATT&CK techniques & tactics for Linux
Collection of Dashboards for Threat Hunting and more!
A PowerShell tool that automates remote forensic evidence acquisition (triage) from remote Windows machines, using the KAPE tool.
Volatility MindMap & Cheat Sheet
Actionable analytics designed to combat threats
SOC Functional Model (SFM) helps organizations plan and prepare to set up a new SOC, or to assess existing SOC capabilities and identify the areas to focus on.
Enhance your malware detection with WAF + YARA (WAFARAY)
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.