TracecatHQ / hunts
Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. (★14, updated last year)
Alternatives and similar repositories for hunts
Users that are interested in hunts are comparing it to the libraries listed below
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" JSON files. (★35, updated 3 years ago)
- Short deep dive into Threat Hunting on AWS (★15, updated 2 years ago)
- Open-source Fabric templates for cybersecurity and compliance (★28, updated 11 months ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (★51, updated 7 months ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, GitLab CI, and Splunk. (★60, updated 3 years ago)
- Simple web app for converting Sigma rules into SIEM queries using the pySigma library (★51, updated 2 years ago)
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. (★65, updated 4 months ago)
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma… (★16, updated 3 years ago)
- Anvilogic Forge (★113, updated 3 months ago)
- Convert Sigma rules to SIEM queries, directly in your browser. (★107, updated last week)
- A new Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) to empower your team and create lasting value. Inspired by Industry N… (★40, updated 8 months ago)
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts and subsequent compromise (★67, updated last year)
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. (★53, updated last year)
- This repository hosts community-contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) (★36, updated last year)
- Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle. (★77, updated last week)
- Library of threat hunts to get any user started! (★46, updated 5 years ago)
- A pySigma wrapper and LangChain toolkit for automatic rule creation/translation (★89, updated last month)
- Pocket guide for core detection engineering concepts (★31, updated 2 years ago)
- Automatic detection engineering technical state compliance (★55, updated last year)
- An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as… (★64, updated 5 months ago)
- Turn any blog into structured threat intelligence. (★43, updated this week)
- Repo for experimenting and testing MCP server builds for CTI-related research. (★27, updated 7 months ago)
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. (★31, updated 2 years ago)
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte… (★80, updated 6 months ago)
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. (★51, updated 8 months ago)
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique (★69, updated last year)
- Workflows for Shuffle (★24, updated 3 years ago)