mandiant/thiri-notebook external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mandiant/thiri-notebook

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mandiant/thiri-notebook)

Close

mandiant / thiri-notebookView on GitHubMore

• External links
• Readme badge

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

☆154Apr 25, 2022Updated 3 years ago

Alternatives and similar repositories for thiri-notebook

Users that are interested in thiri-notebook are comparing it to the libraries listed below

• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆208Jul 21, 2022Updated 3 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 4 years ago
• StrangerealIntel / Orion

  View on GitHub
  A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
  ☆141Nov 19, 2023Updated 2 years ago
• cedowens / C2-JARM

  View on GitHub
  A list of JARM hashes for different ssl implementations used by some C2/red team tools.
  ☆144Apr 20, 2023Updated 2 years ago
• The-DFIR-Report / Sigma-Rules

  View on GitHub
  Rules generated from our investigations.
  ☆204Jun 17, 2025Updated 8 months ago
• Yamato-Security / EnableWindowsLogSettings

  View on GitHub
  Documentation and scripts to properly enable Windows event logs.
  ☆672Oct 3, 2025Updated 4 months ago
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆156Oct 5, 2023Updated 2 years ago
• NVISOsecurity / nviso-cti

  View on GitHub
  ☆44Jul 11, 2025Updated 7 months ago
• ANSSI-FR / DFIR4vSphere

  View on GitHub
  Powershell module for VMWare vSphere forensics
  ☆167Nov 8, 2024Updated last year
• nasbench / C2-Matrix-Indicators

  View on GitHub
  This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix
  ☆74Jan 26, 2022Updated 4 years ago
• Cyb3r-Monk / Threat-Hunting-and-Detection

  View on GitHub
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆804Jan 14, 2026Updated last month
• mdecrevoisier / EVTX-to-MITRE-Attack

  View on GitHub
  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
  ☆612Dec 8, 2025Updated 2 months ago
• k3idii / ION

  View on GitHub
  Indicators of Normality
  ☆11Jul 22, 2022Updated 3 years ago
• NextronSystems / evtx-baseline

  View on GitHub
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆86Dec 17, 2025Updated 2 months ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Aug 15, 2021Updated 4 years ago
• fox-it / cobaltstrike-beacon-data

  View on GitHub
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Mar 28, 2022Updated 3 years ago
• avast / yari

  View on GitHub
  YARI is an interactive debugger for YARA Language.
  ☆90Sep 10, 2025Updated 5 months ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• cudeso / misp-tip-of-the-week

  View on GitHub
  A collection of tips for using MISP.
  ☆76Dec 11, 2024Updated last year
• curated-intel / CTI-fundamentals

  View on GitHub
  A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence
  ☆704Apr 21, 2025Updated 10 months ago
• center-for-threat-informed-defense / tram

  View on GitHub
  TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT…
  ☆548May 6, 2025Updated 9 months ago
• dwmetz / CyberPipe

  View on GitHub
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆341Dec 3, 2025Updated 3 months ago
• strontic / xcyclopedia

  View on GitHub
  Encyclopedia for Executables
  ☆471Nov 9, 2021Updated 4 years ago
• lucky-luk3 / Infosec_Notebooks

  View on GitHub
  ☆20May 10, 2023Updated 2 years ago
• mvelazc0 / PurpleTeamPlaybook

  View on GitHub
  Active Directory Purple Team Playbook
  ☆116May 8, 2023Updated 2 years ago
• fr0gger / jupyter-collection

  View on GitHub
  Collection of Jupyter Notebooks by @fr0gger_
  ☆191Dec 16, 2025Updated 2 months ago
• ashwin-patil / threat-hunting-with-notebooks

  View on GitHub
  Repository with Sample threat hunting notebooks on Security Event Log Data Sources
  ☆69Dec 2, 2022Updated 3 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆785Feb 22, 2026Updated last week
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆790Oct 29, 2022Updated 3 years ago
• olafhartong / ThreatHunting

  View on GitHub
  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  ☆1,173Jul 26, 2023Updated 2 years ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆118Nov 28, 2023Updated 2 years ago
• JPCERTCC / jpcert-yara

  View on GitHub
  JPCERT/CC public YARA rules repository
  ☆109Nov 14, 2025Updated 3 months ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,059Oct 5, 2023Updated 2 years ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆864Jan 20, 2022Updated 4 years ago
• microsoft / msticnb

  View on GitHub
  MSTIC Notebook Components
  ☆35Sep 4, 2025Updated 5 months ago
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆216Mar 30, 2022Updated 3 years ago
• microsoft / msticpy

  View on GitHub
  Microsoft Threat Intelligence Security Tools
  ☆1,947Feb 10, 2026Updated 3 weeks ago
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆134Jan 31, 2022Updated 4 years ago
• blackberry / threat-research-and-intelligence

  View on GitHub
  BlackBerry Threat Research & Intelligence
  ☆100Oct 20, 2023Updated 2 years ago