GossiTheDog / ThreatHunting
Tools for hunting for threats.
☆579Updated 4 months ago
Alternatives and similar repositories for ThreatHunting:
Users that are interested in ThreatHunting are comparing it to the libraries listed below
- CyLR - Live Response Collection Tool☆665Updated 2 years ago
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts☆1,145Updated last year
- Hunting queries and detections☆774Updated last month
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆794Updated 2 months ago
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,065Updated 3 months ago
- A collection of red team and adversary emulation resources developed and released by MITRE.☆498Updated 3 years ago
- Tool Analysis Result Sheet☆347Updated 7 years ago
- Misc Threat Hunting Resources☆373Updated 2 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆711Updated 2 months ago
- A Powershell incident response framework☆1,589Updated 2 years ago
- Actionable analytics designed to combat threats☆982Updated 2 years ago
- Bloodhound Reporting for Blue and Purple Teams☆1,162Updated 3 weeks ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆606Updated 8 months ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆911Updated last year
- Atomic Purple Team Framework and Lifecycle☆292Updated 4 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆885Updated last year
- A knowledge base of actionable Incident Response techniques☆633Updated 2 years ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …☆793Updated last year
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.