pocket guide for core threat hunting concepts
☆23May 6, 2020Updated 5 years ago
Alternatives and similar repositories for threat-hunting-pocket-guide
Users that are interested in threat-hunting-pocket-guide are comparing it to the libraries listed below
Sorting:
- Repository resource threat intelligence for SOC☆10Sep 14, 2018Updated 7 years ago
- Python script to automatically create sigma rules from The hive observables☆25Mar 17, 2019Updated 6 years ago
- Appendix resources for Intrinsec's "Amélioration des capacités de détection" handbook.☆13Mar 26, 2018Updated 7 years ago
- certstream + analytics☆11Jan 17, 2020Updated 6 years ago
- ☆15Sep 24, 2024Updated last year
- A cyber threat intelligence server based on TAXII 2 and written in Golang☆32Sep 19, 2019Updated 6 years ago
- Powershell collection designed to assist in Threat Hunting Windows systems.☆27Apr 13, 2018Updated 7 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆12Jul 1, 2021Updated 4 years ago
- ☆13Feb 6, 2018Updated 8 years ago
- ☆34Jan 22, 2025Updated last year
- pocket guide for core detection engineering concepts☆31May 8, 2023Updated 2 years ago
- A tool for studying JavaScript malware.☆15Updated this week
- provides a Suricata Eve output for Kafka with Suricate Eve plugin☆15Nov 25, 2021Updated 4 years ago
- Terraform modules for Sumo Logic resources☆16Mar 2, 2026Updated last week
- A curated list of awesome YARA rules, tools, and people.☆33Oct 26, 2023Updated 2 years ago
- FireEye iSIGHT Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆16Oct 12, 2018Updated 7 years ago
- Exporting MISP event attributes to yara rules usable with Thor apt scanner☆24Mar 27, 2017Updated 8 years ago
- Validates yara rules and tries to repair the broken ones.☆41Sep 5, 2020Updated 5 years ago
- Threat Hunter's Knowledge Base☆22Dec 27, 2021Updated 4 years ago
- Graph Representation of MITRE ATT&CK's CTI data☆51Nov 14, 2019Updated 6 years ago
- Advanced Persistent Threat Detection Using Network Analysis☆23Feb 28, 2019Updated 7 years ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch)☆19Jun 2, 2021Updated 4 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- Microsoft Flow Attack Framework☆23Nov 14, 2019Updated 6 years ago
- A collection of typical false positive indicators☆56Dec 5, 2020Updated 5 years ago
- An npm package for extracting common IoC (Indicator of Compromise) from a block of text☆60Oct 5, 2025Updated 5 months ago
- Providing timelines based on OSINT Reports☆31Jun 21, 2023Updated 2 years ago
- YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.☆27Dec 14, 2021Updated 4 years ago
- A set of tools for collecting forensic information☆27Apr 4, 2020Updated 5 years ago
- ☆11Feb 9, 2023Updated 3 years ago
- Various public documents, whitepapers and articles about APT campaigns☆55Apr 1, 2016Updated 9 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…☆120Apr 14, 2021Updated 4 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- An example of a downloader written in NodeJS.☆24Apr 17, 2021Updated 4 years ago
- A Splunk app with saved reports derived from Sigma rules☆73Apr 24, 2018Updated 7 years ago
- Threat Hunting with ELK Workshop (InfoSecWorld 2017)☆65Oct 31, 2017Updated 8 years ago
- The "Let's-defend-solution" directory contains the answers to all paths of the Let's Defend platform that were saved by the creator 8 mon…☆12Apr 27, 2023Updated 2 years ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆37Nov 9, 2022Updated 3 years ago
- Community content for LogRhythm Axon. Includes Dashboards, searches, analytics rules, processing policies and more.☆10Jul 26, 2024Updated last year