Alternatives and similar repositories for hunts

Users that are interested in hunts are comparing it to the libraries listed below

• Yamato-Security / suzaku-rules
  ☆12Updated this week
• blackstork-io / fabric-templates
  Open-source Fabric templates for cybersecurity and compliance
  ☆27Updated 10 months ago
• center-for-threat-informed-defense / summiting-the-pyramid
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆51Updated 6 months ago
• BenjiTrapp / aws-threat-hunting
  Short deep dive into Threat Hunting on AWS
  ☆14Updated 2 years ago
• tropChaud / Cyber-Adversary-Heatmaps
  Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.
  ☆35Updated 3 years ago
• mgreen27 / mcp-velociraptor
  VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.
  ☆62Updated 3 months ago
• muchdogesec / obstracts
  Turn any blog into structured threat intelligence.
  ☆40Updated this week
• runreveal / sigmalite
  ☆52Updated 2 months ago
• Shuffle / workflows
  Workflows for Shuffle
  ☆24Updated 3 years ago
• cti-cmm / framework
  A new Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) to empower your team and create lasting value. Inspired by Industry N…
  ☆40Updated 7 months ago
• 3CORESec / Automata
  Automatic detection engineering technical state compliance
  ☆55Updated last year
• northsh / detection.studio
  Convert Sigma rules to SIEM queries, directly in your browser.
  ☆95Updated last month
• 100DaysofYARA / 2025
  Rules shared by the community from 100 Days of YARA 2025
  ☆37Updated 10 months ago
• M3NIX / sigmaio
  simple webapp for converting sigma rules into siem queries using the pySigma library
  ☆51Updated 2 years ago
• infosecB / detection-as-code
  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
  ☆59Updated 3 years ago
• cyentific-rni / security-playbook-stix-misp-exchange
  This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma…
  ☆16Updated 3 years ago
• bartblaze / FARA
  Repository that contains a set of purposefully erroneous Yara rules.
  ☆61Updated 4 months ago
• mattreduce / cti-self-study
  Track progress and keep notes while working through likethecoins' CTI Self Study Plan
  ☆29Updated 3 years ago
• muchdogesec / txt2stix
  Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle.
  ☆77Updated last week
• korniko98 / pivot-atlas
  ☆100Updated last month
• jshlbrd / detection-engineering-pocket-guide
  pocket guide for core detection engineering concepts
  ☆30Updated 2 years ago
• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆46Updated 5 years ago
• anvilogic-forge / armory
  Anvilogic Forge
  ☆112Updated 2 months ago
• AttackIQ / SigmAIQ
  A pySigma wrapper and langchain toolkit for automatic rule creation/translation
  ☆88Updated last month
• jalacloud / mcp-cti
  Repo for experimenting and testing MCP server builds for CTI-related research.
  ☆27Updated 6 months ago
• cudeso / proof-value-cti
  Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.
  ☆52Updated last year
• Cyb3rWard0g / IntelRAGU
  Intel Retrieval Augmented Generation (RAG) Utilities
  ☆91Updated last year
• invictus-ir / Sigma-AWS
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Updated 2 years ago
• cudeso / misp-tip-of-the-week
  A collection of tips for using MISP.
  ☆75Updated 11 months ago
• darkquasar / AIMOD2
  Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…
  ☆89Updated 2 years ago