TracecatHQ / hunts
Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
★10, updated 11 months ago
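As an added illustration of the kind of hunt the repository description points at (this is example code written for this page, not code from TracecatHQ/hunts, and it uses only the Python standard library rather than Polars so it runs without extra packages), the block below loads CloudTrail records in their native delivery shape (`{"Records": [...]}`) and runs two hunts over them: a burst of `AccessDenied`/`UnauthorizedOperation` errors on several distinct APIs from one principal and source IP inside a short window (a typical enumeration signature), and successful calls to a small set of IAM write APIs. A final step correlates the two so that a principal that enumerated and then changed IAM state floats to the top. The records, ARNs, IP addresses and user names are constructed for the example and are not taken from the flaws.cloud dataset; the API set in `SENSITIVE_IAM_EVENTS` and the 3-APIs-in-10-minutes threshold are example choices, not the repository's.

```python
"""Two CloudTrail hunts (AccessDenied bursts, sensitive IAM mutations) plus a
correlation step, over an in-memory record set. Standard library only."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# IAM write APIs that commonly appear in privilege-escalation or persistence
# steps. Example selection, not an exhaustive list.
SENSITIVE_IAM_EVENTS = {
    "CreateAccessKey", "CreateUser", "CreateLoginProfile", "AttachUserPolicy",
    "PutUserPolicy", "AttachRolePolicy", "UpdateAssumeRolePolicy",
}
# Authorization-failure error codes as CloudTrail records them
# (EC2 uses the "Client."-prefixed form).
DENY_CODES = {"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"}

def _rec(time, source, name, ip, arn, error=None, params=None):
    """Build one CloudTrail-shaped record (constructed sample data)."""
    kind = "AssumedRole" if ":assumed-role/" in arn else "IAMUser"
    r = {"eventVersion": "1.08", "eventTime": time, "eventSource": source,
         "eventName": name, "sourceIPAddress": ip,
         "userIdentity": {"type": kind, "arn": arn}}
    if error:
        r["errorCode"] = error
    if params:
        r["requestParameters"] = params
    return r

# Made-up principals in a made-up account.
BACKUP = "arn:aws:iam::111122223333:user/backup"
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
CI = "arn:aws:sts::111122223333:assumed-role/deploy/ci"

# Constructed log in CloudTrail's delivery format ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    # backup: three denied discovery calls in five minutes, then a key created for another user
    _rec("2024-01-01T10:00:00Z", "s3.amazonaws.com", "ListBuckets", "203.0.113.5", BACKUP, "AccessDenied"),
    _rec("2024-01-01T10:02:00Z", "ec2.amazonaws.com", "DescribeInstances", "203.0.113.5", BACKUP, "Client.UnauthorizedOperation"),
    _rec("2024-01-01T10:03:00Z", "sts.amazonaws.com", "GetCallerIdentity", "203.0.113.5", BACKUP),
    _rec("2024-01-01T10:05:00Z", "iam.amazonaws.com", "ListUsers", "203.0.113.5", BACKUP, "AccessDenied"),
    _rec("2024-01-01T10:08:00Z", "iam.amazonaws.com", "CreateAccessKey", "203.0.113.5", BACKUP, params={"userName": "admin"}),
    # bob: three denials, but spread over two hours, so below the burst window
    _rec("2024-01-01T09:00:00Z", "s3.amazonaws.com", "ListBuckets", "198.51.100.9", BOB, "AccessDenied"),
    _rec("2024-01-01T10:00:00Z", "iam.amazonaws.com", "ListUsers", "198.51.100.9", BOB, "AccessDenied"),
    _rec("2024-01-01T11:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "198.51.100.9", BOB, "Client.UnauthorizedOperation"),
    # alice: ordinary activity with a single denial
    _rec("2024-01-01T11:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "198.51.100.7", ALICE),
    _rec("2024-01-01T11:01:00Z", "s3.amazonaws.com", "GetObject", "198.51.100.7", ALICE, "AccessDenied"),
    # CI role: a sensitive IAM change with no preceding enumeration
    _rec("2024-01-01T12:00:00Z", "iam.amazonaws.com", "AttachUserPolicy", "10.0.0.4", CI,
         params={"userName": "ci-bot", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
]})

def _ts(rec):
    # CloudTrail eventTime is ISO 8601 in UTC with a trailing Z.
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def load_records(text):
    return json.loads(text)["Records"]

def hunt_access_denied_bursts(records, threshold=3, window_minutes=10):
    """Principal + source IP denied on >= `threshold` distinct APIs inside any
    `window_minutes` window. One finding per (principal, ip) pair."""
    denied = defaultdict(list)
    for r in records:
        if r.get("errorCode") in DENY_CODES:
            key = (r["userIdentity"].get("arn", "?"), r.get("sourceIPAddress", "?"))
            denied[key].append((_ts(r), r["eventName"]))
    window = timedelta(minutes=window_minutes)
    findings = []
    for (arn, ip), events in denied.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window anchored at each denial
            names = {name for t, name in events[i:] if t - start <= window}
            if len(names) >= threshold:
                findings.append({"principal": arn, "source_ip": ip,
                                 "first_seen": start.isoformat(), "denied_apis": sorted(names)})
                break
    return findings

def hunt_sensitive_iam_mutations(records):
    """Successful calls to the IAM write APIs above, with the target principal."""
    findings = []
    for r in records:
        if r.get("eventSource") != "iam.amazonaws.com" or r.get("errorCode"):
            continue
        if r["eventName"] not in SENSITIVE_IAM_EVENTS:
            continue
        p = r.get("requestParameters") or {}
        findings.append({"time": r["eventTime"], "principal": r["userIdentity"].get("arn"),
                         "source_ip": r.get("sourceIPAddress"), "event": r["eventName"],
                         "target": p.get("userName") or p.get("roleName"),
                         "policy": p.get("policyArn")})
    return findings

def prioritize(bursts, mutations):
    """Principals present in both hunts: enumeration followed by an IAM change."""
    noisy = {b["principal"] for b in bursts}
    return sorted({m["principal"] for m in mutations if m["principal"] in noisy})

if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    bursts = hunt_access_denied_bursts(recs)
    muts = hunt_sensitive_iam_mutations(recs)
    for f in bursts + muts:
        print(f)
    print("priority:", prioritize(bursts, muts))
```

The window matters: bob is denied on three distinct APIs too, but over two hours, which is what a misconfigured scheduled job looks like rather than a person enumerating, so only backup is flagged. In Polars the same two hunts are a filter on `errorCode`, a `group_by` on principal and source IP, and a `group_by_dynamic` (or a self-join on time) for the window, with the correlation as a join on the principal column; CloudTrail's multi-minute delivery delay and the fact that `eventTime` is UTC apply either way.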
Alternatives and similar repositories for hunts
Users that are interested in hunts are comparing it to the libraries listed below
- Firepit - STIX Columnar Storage (★16, updated 11 months ago)
- Open-source Fabric templates for cybersecurity and compliance (★18, updated 4 months ago)
- Threat Detection & Anomaly Detection rules for popular open-source components (★51, updated 2 years ago)
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files. (★35, updated 2 years ago)
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa… (★18, updated 5 years ago)
- Extract machine readable cyber threat intelligence from unstructured data (inc. PDFs, Word docs, and HTML pages) (★15, updated this week)
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma… (★16, updated 2 years ago)
- Workflows for Shuffle (★22, updated 2 years ago)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (★80, updated this week)
- Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle. (★53, updated this week)
- Automatic detection engineering technical state compliance (★55, updated 10 months ago)
- Sharing Threat Hunting runbooks (★25, updated 5 years ago)
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise. (★42, updated 2 years ago)
- (no description) (★88, updated 3 months ago)
- Library of threat hunts to get any user started! (★44, updated 4 years ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (★55, updated 3 years ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (★38, updated last month)
- Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents (★41, updated last year)
- DNS Dashboard for hunting and identifying beaconing (★16, updated 4 years ago)
- (no description) (★11, updated 4 years ago)
- Repository that contains a set of purposefully erroneous Yara rules. (★51, updated last year)
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base (★23, updated 2 years ago)
- (no description) (★15, updated last year)
- A few quick recipes for those that do not have much time during the day (★22, updated 6 months ago)
- YARA, SIGMA, SNORT Rules based on Malware Analysis (★16, updated 3 weeks ago)
- Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug (★9, updated 4 years ago)
- Jupyter Universe is a search engine for all infosec jupyter notebooks (★26, updated last month)
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. (★38, updated last year)
- Merge of two major cyber adversary datasets, MITRE ATT&CK and ETDA/ThaiCERT Threat Actor Cards, enabling victim/motivation-adversary-tech… (★54, updated 2 years ago)
- CSIRT Jump Bag (★26, updated last year)