corelight/threat-hunting-guide external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

corelight/threat-hunting-guide

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/corelight/threat-hunting-guide)

Close

corelight / threat-hunting-guideView on GitHubMore

• External links
• Readme badge

☆58Mar 4, 2022Updated 4 years ago

Alternatives and similar repositories for threat-hunting-guide

Users that are interested in threat-hunting-guide are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• corelight / Corelight-Ansible-Roles

  View on GitHub
  Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…
  ☆16Jun 15, 2021Updated 4 years ago
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 6 years ago
• corelight / corelight-client

  View on GitHub
  Corelight Sensor API command-line client
  ☆17Jan 9, 2026Updated 3 months ago
• corelight / zeek-cheatsheets

  View on GitHub
  Zeek Log Cheatsheets
  ☆304Aug 12, 2025Updated 8 months ago
• zeek / spicy-analyzers

  View on GitHub
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Sep 16, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• CriticalPathSecurity / zeek-scripts

  View on GitHub
  Bro Detection Scripts
  ☆10Mar 9, 2021Updated 5 years ago
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 4 months ago
• ethack / tht

  View on GitHub
  Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
  ☆152Apr 1, 2026Updated 2 weeks ago
• corelight / zeek2es

  View on GitHub
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆39Aug 18, 2022Updated 3 years ago
• Th1ru-M / Windows-Threat-Hunting

  View on GitHub
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Dec 8, 2024Updated last year
• TheHive-Project / docs

  View on GitHub
  Official documentation for TheHive Project applications
  ☆21Sep 29, 2023Updated 2 years ago
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆77Aug 3, 2020Updated 5 years ago
• dfir-dd / incident-response-playbooks

  View on GitHub
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆51Apr 25, 2024Updated last year
• activecm / zeek-open-connections

  View on GitHub
  ☆17Mar 24, 2026Updated 3 weeks ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• WiredPulse / Invoke-Fail2Ban

  View on GitHub
  PowerShell version of Fail2Ban
  ☆13Oct 10, 2019Updated 6 years ago
• advanced-threat-research / Ripple-20-Detection-Logic

  View on GitHub
  Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
  ☆12May 28, 2021Updated 4 years ago
• activecm / threat-tools

  View on GitHub
  Tools for simulating threats
  ☆203Oct 27, 2023Updated 2 years ago
• corelight / zeek-quic

  View on GitHub
  Bro analyzer that detects Google's QUIC protocol
  ☆11Mar 2, 2021Updated 5 years ago
• brimdata / zync

  View on GitHub
  Kafka connector to sync Zed lakes to and from Kafka topics
  ☆18Dec 4, 2025Updated 4 months ago
• Truvis / SplunkDashboards

  View on GitHub
  Collection of Dashboards for Threat Hunting and more!
  ☆74Oct 17, 2020Updated 5 years ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 6 months ago
• cisagov / sensitive-data-scanner

  View on GitHub
  A tool for detecting sensitive data in code repositories
  ☆18Mar 26, 2026Updated 3 weeks ago
• target / Threat-Hunting

  View on GitHub
  Jupyter notebooks for threat hunting
  ☆60Apr 7, 2026Updated last week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• salesforce / multithreaded-exfil-detection

  View on GitHub
  A simple way of detecting multithreaded exfiltration in Zeek.
  ☆15May 1, 2025Updated 11 months ago
• endgameinc / SANS_THIR16

  View on GitHub
  SANS Hunting on the Cheap
  ☆36Apr 12, 2016Updated 10 years ago
• corelight / community-id-spec

  View on GitHub
  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
  ☆194Sep 23, 2024Updated last year
• 808ale / AD_Pentest_Bundle

  View on GitHub
  Various AD tools needed for penetration testing in one place.
  ☆23Jul 13, 2023Updated 2 years ago
• corelight / json-streaming-logs

  View on GitHub
  Zeek package to create JSON formatted logs to stream into data analysis systems.
  ☆30Dec 3, 2025Updated 4 months ago
• zeflow / Sigma2SplunkAlert

  View on GitHub
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆12Jul 1, 2021Updated 4 years ago
• corelight / top-dns

  View on GitHub
  Top DNS Measurement for Bro
  ☆10Aug 22, 2020Updated 5 years ago
• juju4 / ansible-zeek

  View on GitHub
  setup zeek, previously Bro IDS
  ☆18Apr 5, 2026Updated 2 weeks ago
• joeavanzato / velociraptor-timeline-creator

  View on GitHub
  VTC - Velociraptor Timeline Creator
  ☆19May 15, 2024Updated last year
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆290Sep 21, 2016Updated 9 years ago
• alternat0r / training-basic-malware-analysis

  View on GitHub
  In this training will be covered about a very basic step for malware analysis. Using several free tools to recognize malware behavior. Si…
  ☆12May 25, 2016Updated 9 years ago
• SecurityRiskAdvisors / RedTeamSIEM

  View on GitHub
  Repository of resources for configuring a Red Team SIEM using Elastic
  ☆102Jul 10, 2018Updated 7 years ago
• SCILabsMX / yaraZeekAlert

  View on GitHub
  This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…
  ☆62Dec 16, 2023Updated 2 years ago
• IntelCorgi / OSINT_CyberChef_Recipes

  View on GitHub
  A collection of cyberchef recipes for use in osint investigations
  ☆14Jul 2, 2022Updated 3 years ago
• dgunter / ParseZeekLogs

  View on GitHub
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Jan 12, 2023Updated 3 years ago
• salesforce / GQUIC_Protocol_Analyzer

  View on GitHub
  GQUIC Protocol Analyzer for Zeek (Bro) Network Security Monitor
  ☆80Sep 13, 2023Updated 2 years ago