Recon Hunt Queries
☆79 · May 16, 2021 · Updated 4 years ago
Alternatives and similar repositories for rhq
Users that are interested in rhq are comparing it to the libraries listed below
- Collection of operational focused osquery dashboards. (☆11 · Jan 20, 2021 · Updated 5 years ago)
- Threat hunting repo for my independent study on threat hunting with OSQuery (☆27 · Jan 16, 2018 · Updated 8 years ago)
- Threat Hunting & Incident Investigation with Osquery (☆216 · Mar 30, 2022 · Updated 3 years ago)
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan (☆17 · Sep 4, 2021 · Updated 4 years ago)
- MasterParser is a simple, all-in-one, digital forensics artifact parser (☆24 · Jul 9, 2021 · Updated 4 years ago)
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" (☆11 · Feb 6, 2025 · Updated last year)
- Transform EQL detection rules to VQL artifacts (☆12 · Nov 12, 2021 · Updated 4 years ago)
- (no description) (☆14 · Oct 24, 2024 · Updated last year)
- Create alerts in The Hive from your Graylog alerts, to be turned into Hive cases. (☆45 · Aug 17, 2020 · Updated 5 years ago)
- Curated list of well-developed C# Offensive Tools (☆20 · Jan 30, 2020 · Updated 6 years ago)
- Searches For Threat Hunting and Security Analytics (☆238 · Mar 26, 2025 · Updated 11 months ago)
- NTFS file system specimens (☆13 · Jul 3, 2023 · Updated 2 years ago)
- Registry to JSON. This Project is for learning purposes and is not maintained. (☆12 · Dec 28, 2021 · Updated 4 years ago)
- Automatic detection engineering technical state compliance (☆55 · Jul 7, 2024 · Updated last year)
- Dockerfiles for containerized osquery (☆14 · May 23, 2017 · Updated 8 years ago)
- Kibana app for RedELK (☆18 · Mar 19, 2023 · Updated 2 years ago)
- Cyber Analytics Platform and Examination System (CAPES) Project Page (☆14 · Feb 1, 2022 · Updated 4 years ago)
- Triage automation for suspect URLs (☆13 · Jul 23, 2019 · Updated 6 years ago)
- ATT&CK Remote Threat Hunting Incident Response (☆206 · Dec 8, 2024 · Updated last year)
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv… (☆343 · Jun 25, 2022 · Updated 3 years ago)
- Detection Ideas & Rules repository. (☆178 · Sep 10, 2021 · Updated 4 years ago)
- A framework for developing alerting and detection strategies for incident response. (☆838 · Sep 8, 2025 · Updated 5 months ago)
- Mapping the MITRE ATT&CK Matrix with Osquery (☆806 · May 11, 2023 · Updated 2 years ago)
- Splunk code (SPL) for serious threat hunters and detection engineers. (☆290 · Jan 15, 2024 · Updated 2 years ago)
- (no description) (☆168 · Jan 20, 2021 · Updated 5 years ago)
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux (☆505 · Oct 21, 2022 · Updated 3 years ago)
- Advanced Hunting Queries for Microsoft Security Products (☆108 · Jan 10, 2023 · Updated 3 years ago)
- OSSEM Modular (☆27 · Jun 29, 2020 · Updated 5 years ago)
- Feed Generator for MISP (☆19 · Nov 2, 2022 · Updated 3 years ago)
- Event Trace Log file parser in pure Python (☆150 · Nov 27, 2020 · Updated 5 years ago)
- A repository for using osquery for incident detection and response (☆881 · Sep 8, 2025 · Updated 5 months ago)
- Black Friday deals (Cyber/OSINT/Infosec) (☆29 · Dec 6, 2020 · Updated 5 years ago)
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… (☆21 · Oct 25, 2023 · Updated 2 years ago)
- Library of python scripts to apply Data Science in several forensics artifacts (☆31 · Jul 16, 2020 · Updated 5 years ago)
- Extract files off NTFS (☆22 · Nov 1, 2014 · Updated 11 years ago)
- Elemental - An ATT&CK Threat Library (☆318 · Dec 8, 2022 · Updated 3 years ago)
- A PowerShell module to deploy active directory decoy objects. (☆240 · Nov 17, 2019 · Updated 6 years ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52 · Nov 27, 2020 · Updated 5 years ago)
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). (☆804 · Jan 14, 2026 · Updated last month)