corelight/threat-hunting-guide external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

corelight/threat-hunting-guide

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/corelight/threat-hunting-guide)

Close

corelight / threat-hunting-guideView on GitHubMore

• External links
• Readme badge

☆58Mar 4, 2022Updated 4 years ago

Alternatives and similar repositories for threat-hunting-guide

Users that are interested in threat-hunting-guide are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• corelight / Corelight-Ansible-Roles

  View on GitHub
  Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…
  ☆16Jun 15, 2021Updated 4 years ago
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 5 years ago
• corelight / corelight-client

  View on GitHub
  Corelight Sensor API command-line client
  ☆17Jan 9, 2026Updated 2 months ago
• corelight / zeek-cheatsheets

  View on GitHub
  Zeek Log Cheatsheets
  ☆304Aug 12, 2025Updated 7 months ago
• zeek / spicy-analyzers

  View on GitHub
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Sep 16, 2024Updated last year
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• CriticalPathSecurity / zeek-scripts

  View on GitHub
  Bro Detection Scripts
  ☆10Mar 9, 2021Updated 5 years ago
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 4 months ago
• ethack / tht

  View on GitHub
  Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
  ☆151Mar 1, 2026Updated 3 weeks ago
• Th1ru-M / Windows-Threat-Hunting

  View on GitHub
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Dec 8, 2024Updated last year
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆76Aug 3, 2020Updated 5 years ago
• TheHive-Project / docs

  View on GitHub
  Official documentation for TheHive Project applications
  ☆21Sep 29, 2023Updated 2 years ago
• dfir-dd / incident-response-playbooks

  View on GitHub
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆51Apr 25, 2024Updated last year
• WiredPulse / Invoke-Fail2Ban

  View on GitHub
  PowerShell version of Fail2Ban
  ☆13Oct 10, 2019Updated 6 years ago
• advanced-threat-research / Ripple-20-Detection-Logic

  View on GitHub
  Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
  ☆12May 28, 2021Updated 4 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• activecm / threat-tools

  View on GitHub
  Tools for simulating threats
  ☆203Oct 27, 2023Updated 2 years ago
• corelight / zeek-quic

  View on GitHub
  Bro analyzer that detects Google's QUIC protocol
  ☆10Mar 2, 2021Updated 5 years ago
• brimdata / zync

  View on GitHub
  Kafka connector to sync Zed lakes to and from Kafka topics
  ☆18Dec 4, 2025Updated 3 months ago
• Truvis / SplunkDashboards

  View on GitHub
  Collection of Dashboards for Threat Hunting and more!
  ☆74Oct 17, 2020Updated 5 years ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 6 months ago
• nturley3 / zeek-kerberos-haters-guide

  View on GitHub
  Kerberos Haters Guide to Zeek Threat Hunting
  ☆35Oct 14, 2021Updated 4 years ago
• cisagov / sensitive-data-scanner

  View on GitHub
  A tool for detecting sensitive data in code repositories
  ☆18Feb 25, 2026Updated last month
• target / Threat-Hunting

  View on GitHub
  Jupyter notebooks for threat hunting
  ☆60Mar 26, 2025Updated last year
• Security-Onion-Solutions / securityonion-soc

  View on GitHub
  ☆61Updated this week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• corelight / community-id-spec

  View on GitHub
  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
  ☆194Sep 23, 2024Updated last year
• chronicle / cli

  View on GitHub
  A CLI tool for managing Chronicle user workflows
  ☆18Sep 24, 2025Updated 6 months ago
• corelight / json-streaming-logs

  View on GitHub
  Zeek package to create JSON formatted logs to stream into data analysis systems.
  ☆30Dec 3, 2025Updated 3 months ago
• zeflow / Sigma2SplunkAlert

  View on GitHub
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆12Jul 1, 2021Updated 4 years ago
• corelight / top-dns

  View on GitHub
  Top DNS Measurement for Bro
  ☆10Aug 22, 2020Updated 5 years ago
• juju4 / ansible-zeek

  View on GitHub
  setup zeek, previously Bro IDS
  ☆18Feb 5, 2026Updated last month
• joeavanzato / velociraptor-timeline-creator

  View on GitHub
  VTC - Velociraptor Timeline Creator
  ☆19May 15, 2024Updated last year
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆290Sep 21, 2016Updated 9 years ago
• alternat0r / training-basic-malware-analysis

  View on GitHub
  In this training will be covered about a very basic step for malware analysis. Using several free tools to recognize malware behavior. Si…
  ☆12May 25, 2016Updated 9 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• SecurityRiskAdvisors / RedTeamSIEM

  View on GitHub
  Repository of resources for configuring a Red Team SIEM using Elastic
  ☆102Jul 10, 2018Updated 7 years ago
• SCILabsMX / yaraZeekAlert

  View on GitHub
  This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…
  ☆62Dec 16, 2023Updated 2 years ago
• IntelCorgi / OSINT_CyberChef_Recipes

  View on GitHub
  A collection of cyberchef recipes for use in osint investigations
  ☆14Jul 2, 2022Updated 3 years ago
• dgunter / ParseZeekLogs

  View on GitHub
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Jan 12, 2023Updated 3 years ago
• salesforce / GQUIC_Protocol_Analyzer

  View on GitHub
  GQUIC Protocol Analyzer for Zeek (Bro) Network Security Monitor
  ☆80Sep 13, 2023Updated 2 years ago
• 0xN3utr0n / Kanis

  View on GitHub
  Advanced threat detection solution for Linux.
  ☆36Dec 5, 2020Updated 5 years ago
• mr-r3b00t / parse_win_log

  View on GitHub
  ☆14Aug 21, 2022Updated 3 years ago