corelight/threat-hunting-guide external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

corelight/threat-hunting-guide

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/corelight/threat-hunting-guide)

Close

corelight / threat-hunting-guideView on GitHubMore

• External links
• Readme badge

☆58Mar 4, 2022Updated 4 years ago

Alternatives and similar repositories for threat-hunting-guide

Users that are interested in threat-hunting-guide are comparing it to the libraries listed below

• corelight / Corelight-Ansible-Roles

  View on GitHub
  Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…
  ☆16Jun 15, 2021Updated 4 years ago
• corelight / zeek-cheatsheets

  View on GitHub
  Zeek Log Cheatsheets
  ☆303Aug 12, 2025Updated 6 months ago
• zeek / spicy-analyzers

  View on GitHub
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Sep 16, 2024Updated last year
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 5 years ago
• corelight / zeek2es

  View on GitHub
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆39Aug 18, 2022Updated 3 years ago
• dfir-dd / incident-response-playbooks

  View on GitHub
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆51Apr 25, 2024Updated last year
• joeavanzato / velociraptor-timeline-creator

  View on GitHub
  VTC - Velociraptor Timeline Creator
  ☆19May 15, 2024Updated last year
• Truvis / SplunkDashboards

  View on GitHub
  Collection of Dashboards for Threat Hunting and more!
  ☆74Oct 17, 2020Updated 5 years ago
• corelight / corelight-client

  View on GitHub
  Corelight Sensor API command-line client
  ☆17Jan 9, 2026Updated last month
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆76Aug 3, 2020Updated 5 years ago
• target / Threat-Hunting

  View on GitHub
  Jupyter notebooks for threat hunting
  ☆60Mar 26, 2025Updated 11 months ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 5 months ago
• TheHive-Project / docs

  View on GitHub
  Official documentation for TheHive Project applications
  ☆21Sep 29, 2023Updated 2 years ago
• ethack / tht

  View on GitHub
  Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
  ☆150Mar 1, 2026Updated last week
• alternat0r / training-basic-malware-analysis

  View on GitHub
  In this training will be covered about a very basic step for malware analysis. Using several free tools to recognize malware behavior. Si…
  ☆12May 25, 2016Updated 9 years ago
• Th1ru-M / Windows-Threat-Hunting

  View on GitHub
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Dec 8, 2024Updated last year
• 0xrawsec / gene-rules

  View on GitHub
  ☆42Sep 16, 2022Updated 3 years ago
• CriticalPathSecurity / zeek-scripts

  View on GitHub
  Bro Detection Scripts
  ☆10Mar 9, 2021Updated 4 years ago
• openhunting-io / ohcti-malwareinfra

  View on GitHub
  Threat Hunting Malware Infrastructure
  ☆11Dec 3, 2023Updated 2 years ago
• advanced-threat-research / Ripple-20-Detection-Logic

  View on GitHub
  Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
  ☆12May 28, 2021Updated 4 years ago
• activecm / threat-tools

  View on GitHub
  Tools for simulating threats
  ☆202Oct 27, 2023Updated 2 years ago
• SecurityRiskAdvisors / RedTeamSIEM

  View on GitHub
  Repository of resources for configuring a Red Team SIEM using Elastic
  ☆101Jul 10, 2018Updated 7 years ago
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 3 months ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆118Nov 28, 2023Updated 2 years ago
• WiredPulse / Invoke-Fail2Ban

  View on GitHub
  PowerShell version of Fail2Ban
  ☆13Oct 10, 2019Updated 6 years ago
• SideChannelMarvels / DarkPhoenix

  View on GitHub
  Tool to perform differential fault analysis attack (DFA) on whiteboxes with external encodings.
  ☆16Feb 10, 2023Updated 3 years ago
• tomnomnom / athenz

  View on GitHub
  Athenz is a role-based authorization (RBAC) system for provisioning and configuration (centralized authorization) use cases as well as se…
  ☆13Oct 29, 2019Updated 6 years ago
• theY4Kman / suricata-prettifier

  View on GitHub
  Command-line tool to format and syntax highlight Suricata rules
  ☆13Nov 30, 2019Updated 6 years ago
• IntelCorgi / OSINT_CyberChef_Recipes

  View on GitHub
  A collection of cyberchef recipes for use in osint investigations
  ☆14Jul 2, 2022Updated 3 years ago
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• 3CORESec / SIEGMA

  View on GitHub
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆159Mar 10, 2025Updated 11 months ago
• NVISOsecurity / evtx-hunter

  View on GitHub
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆158Nov 30, 2021Updated 4 years ago
• salesforce / GQUIC_Protocol_Analyzer

  View on GitHub
  GQUIC Protocol Analyzer for Zeek (Bro) Network Security Monitor
  ☆80Sep 13, 2023Updated 2 years ago
• jakewarren / suricata-rule-generator

  View on GitHub
  Quickly generate suricata rules for IOCs
  ☆28Apr 30, 2021Updated 4 years ago
• zeflow / Sigma2SplunkAlert

  View on GitHub
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆12Jul 1, 2021Updated 4 years ago
• salesforce / multithreaded-exfil-detection

  View on GitHub
  A simple way of detecting multithreaded exfiltration in Zeek.
  ☆15May 1, 2025Updated 10 months ago
• ine-labs / ThreatSeeker

  View on GitHub
  ThreatSeeker: Threat Hunting via Windows Event Logs
  ☆124May 16, 2023Updated 2 years ago
• sandmaxprime / VagrantMalwareWin10VM

  View on GitHub
  Vagrant Files to create a Virtualbox VM for Malware Analysis
  ☆13Jun 1, 2021Updated 4 years ago
• blechschmidt / masswhois

  View on GitHub
  Single-threaded epoll-based concurrent bulk whois client
  ☆31Oct 31, 2017Updated 8 years ago