TracecatHQ / hunts
Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
☆10 · Updated 10 months ago
Alternatives and similar repositories for hunts (repositories that users interested in hunts compare it to):
- Workflows for Shuffle · ☆21 · Updated 2 years ago
- Firepit - STIX Columnar Storage · ☆16 · Updated 9 months ago
- Open-source Fabric templates for cybersecurity and compliance · ☆16 · Updated 2 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… · ☆36 · Updated last week
- Threat Detection & Anomaly Detection rules for popular open-source components · ☆51 · Updated 2 years ago
- Automatic detection engineering technical state compliance · ☆55 · Updated 8 months ago
- Extract machine-readable cyber threat intelligence from unstructured data (including PDFs, Word docs, and HTML pages) · ☆13 · Updated this week
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base · ☆23 · Updated 2 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma rules, Sigmac, GitLab CI, and Splunk · ☆55 · Updated 3 years ago
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma… · ☆16 · Updated 2 years ago
- Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle · ☆49 · Updated this week
- SIEM Use Case Selection Methodology · ☆16 · Updated 4 years ago
- Jupyter Universe is a search engine for all infosec Jupyter notebooks · ☆26 · Updated this week
- Repository that contains a set of purposefully erroneous YARA rules · ☆50 · Updated last year
- A few quick recipes for those that do not have much time during the day · ☆22 · Updated 5 months ago
- A pySigma wrapper and LangChain toolkit for automatic rule creation/translation · ☆78 · Updated last week
- ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v… · ☆19 · Updated this week
- Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents · ☆39 · Updated 11 months ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1) · ☆23 · Updated 2 years ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan · ☆28 · Updated 2 years ago
- This repository hosts community-contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) · ☆32 · Updated last year
- Library of threat hunts to get any user started! · ☆42 · Updated 4 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 · ☆20 · Updated 5 months ago
- Collects a listing of MITRE ATT&CK techniques, then discovers Splunk ESCU detections for each technique · ☆66 · Updated last year
- Chapter 9: Disseminate · ☆14 · Updated 7 years ago
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" JSON files · ☆34 · Updated 2 years ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response · ☆27 · Updated last year
- Web app that provides basic navigation and annotation of ATT&CK matrices · ☆16 · Updated 4 years ago