TracecatHQ / hunts
Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
★14 Updated last year
Alternatives and similar repositories for hunts
Users that are interested in hunts are comparing it to the libraries listed below
- Open-source Fabric templates for cybersecurity and compliance ★28 Updated 11 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ★51 Updated 7 months ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. ★31 Updated 2 years ago
- Short deep dive into Threat Hunting on AWS ★15 Updated 2 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ★60 Updated 3 years ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan ★29 Updated 3 years ago
- Automatic detection engineering technical state compliance ★55 Updated last year
- Pocket guide for core detection engineering concepts ★31 Updated 2 years ago
- Convert Sigma rules to SIEM queries, directly in your browser. ★107 Updated last week
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ★53 Updated last year
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 ★23 Updated last year
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l… ★30 Updated 6 months ago
- Anvilogic Forge ★113 Updated 3 months ago
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma… ★16 Updated 3 years ago
- Workflows for Shuffle ★24 Updated 3 years ago
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" JSON files. ★35 Updated 3 years ago
- Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle. ★77 Updated last week
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ★89 Updated last month
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) ★36 Updated last year
- Turn any blog into structured threat intelligence. ★43 Updated this week
- Library of threat hunts to get any user started! ★46 Updated 5 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ★69 Updated last year
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. ★64 Updated 4 months ago
- A new Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) to empower your team and create lasting value. Inspired by Industry N… ★40 Updated 8 months ago
- This is a repository to experiment with MCP for security ★45 Updated 11 months ago
- Simple webapp for converting Sigma rules into SIEM queries using the pySigma library ★51 Updated 2 years ago
- Rules shared by the community from 100 Days of YARA 2025 ★37 Updated 11 months ago