jshlbrd / threat-hunting-pocket-guide
pocket guide for core threat hunting concepts
☆23 · May 6, 2020 · Updated 5 years ago
Alternatives and similar repositories for threat-hunting-pocket-guide
Users that are interested in threat-hunting-pocket-guide are comparing it to the libraries listed below
- Repository resource threat intelligence for SOC · ☆10 · Sep 14, 2018 · Updated 7 years ago
- Python script to automatically create sigma rules from TheHive observables · ☆25 · Mar 17, 2019 · Updated 6 years ago
- certstream + analytics · ☆11 · Jan 17, 2020 · Updated 6 years ago
- Appendix resources for Intrinsec's "Amélioration des capacités de détection" handbook. · ☆13 · Mar 26, 2018 · Updated 7 years ago
- ☆15 · Sep 24, 2024 · Updated last year
- A cyber threat intelligence server based on TAXII 2 and written in Golang · ☆32 · Sep 19, 2019 · Updated 6 years ago
- Powershell collection designed to assist in Threat Hunting Windows systems. · ☆27 · Apr 13, 2018 · Updated 7 years ago
- Converts Sigma detection rules to a Splunk alert configuration. · ☆12 · Jul 1, 2021 · Updated 4 years ago
- ☆13 · Feb 6, 2018 · Updated 8 years ago
- ☆33 · Jan 22, 2025 · Updated last year
- pocket guide for core detection engineering concepts · ☆31 · May 8, 2023 · Updated 2 years ago
- A tool for studying JavaScript malware. · ☆15 · Feb 9, 2026 · Updated last week
- Terraform modules for Sumo Logic resources · ☆16 · Dec 16, 2025 · Updated 2 months ago
- A curated list of awesome YARA rules, tools, and people. · ☆33 · Oct 26, 2023 · Updated 2 years ago
- Exporting MISP event attributes to yara rules usable with Thor apt scanner · ☆24 · Mar 27, 2017 · Updated 8 years ago
- FireEye iSIGHT Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform · ☆16 · Oct 12, 2018 · Updated 7 years ago
- A project in Golang that will create prefix-based magic MD5 hashes for type juggling. · ☆20 · Jul 29, 2018 · Updated 7 years ago
- Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes · ☆22 · Jun 15, 2022 · Updated 3 years ago
- Repository for my ATT&CK analysis research. · ☆71 · May 16, 2019 · Updated 6 years ago
- Threat Hunter's Knowledge Base · ☆22 · Dec 27, 2021 · Updated 4 years ago
- Graph Representation of MITRE ATT&CK's CTI data · ☆51 · Nov 14, 2019 · Updated 6 years ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch) · ☆19 · Jun 2, 2021 · Updated 4 years ago
- Advanced Persistent Threat Detection Using Network Analysis · ☆23 · Feb 28, 2019 · Updated 6 years ago
- Expert Investigation Guides · ☆51 · Mar 18, 2021 · Updated 4 years ago
- Microsoft Flow Attack Framework · ☆23 · Nov 14, 2019 · Updated 6 years ago
- A tool to work on suricata stats.log file. · ☆29 · Oct 14, 2015 · Updated 10 years ago
- A collection of typical false positive indicators · ☆56 · Dec 5, 2020 · Updated 5 years ago
- An npm package for extracting common IoC (Indicator of Compromise) from a block of text · ☆59 · Oct 5, 2025 · Updated 4 months ago
- Providing timelines based on OSINT Reports · ☆31 · Jun 21, 2023 · Updated 2 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat · ☆28 · Jul 21, 2020 · Updated 5 years ago
- A set of tools for collecting forensic information · ☆27 · Apr 4, 2020 · Updated 5 years ago
- YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents. · ☆27 · Dec 14, 2021 · Updated 4 years ago
- ☆11 · Feb 9, 2023 · Updated 3 years ago
- Various public documents, whitepapers and articles about APT campaigns · ☆55 · Apr 1, 2016 · Updated 9 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya… · ☆121 · Apr 14, 2021 · Updated 4 years ago
- ☆349 · Mar 19, 2021 · Updated 4 years ago
- An example of a downloader written in NodeJS. · ☆24 · Apr 17, 2021 · Updated 4 years ago
- A Splunk app with saved reports derived from Sigma rules · ☆73 · Apr 24, 2018 · Updated 7 years ago
- Threat Hunting with ELK Workshop (InfoSecWorld 2017) · ☆65 · Oct 31, 2017 · Updated 8 years ago