mthcht / ThreatHunting-Keywords-yara-rulesView external linksLinks
yara detection rules for hunting with the threathunting-keywords project
☆157May 11, 2025Updated 9 months ago
Alternatives and similar repositories for ThreatHunting-Keywords-yara-rules
Users that are interested in ThreatHunting-Keywords-yara-rules are comparing it to the libraries listed below
Sorting:
- Sigma detection rules for hunting with the threathunting-keywords project☆58Mar 2, 2025Updated 11 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions☆633Aug 4, 2025Updated 6 months ago
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆192Dec 20, 2024Updated last year
- Awesome Security lists for SOC/CERT/CTI☆1,239Feb 9, 2026Updated last week
- Collection of rules created using YARA-Signator over Malpedia☆142Jan 6, 2026Updated last month
- Menu for Thor scanner lite☆20Oct 24, 2025Updated 3 months ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆412Nov 8, 2025Updated 3 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆457Oct 29, 2025Updated 3 months ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 3 months ago
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports☆150Updated this week
- Welcome to the SEKOIA.IO Community repository!☆176Feb 6, 2026Updated last week
- CarbonBlack EDR detection rules and response actions☆73Sep 10, 2024Updated last year
- A repository of my own Sigma detection rules.☆163Nov 25, 2025Updated 2 months ago
- Documentation and scripts to properly enable Windows event logs.☆671Oct 3, 2025Updated 4 months ago
- Repo for experimenting and testing MCP server builds for CTI-related research.☆27May 13, 2025Updated 9 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆780Updated this week
- ☆78Sep 29, 2025Updated 4 months ago
- Indicators of compromise☆17Jan 29, 2026Updated 2 weeks ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆248Nov 1, 2024Updated last year
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆127Apr 6, 2024Updated last year
- ☆120May 26, 2025Updated 8 months ago
- This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou…☆26Oct 3, 2023Updated 2 years ago
- ☆22Nov 22, 2025Updated 2 months ago
- Rules shared by the community from 100 Days of YARA 2024☆89Jan 1, 2025Updated last year
- God Mode Detection Rules☆135Aug 8, 2024Updated last year
- ☆151Updated this week
- 🛡️ SIGMA Detection Engineering Platform A comprehensive AI-powered detection engineering platform for security teams to explore MITRE AT…☆46Jun 28, 2025Updated 7 months ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆214Updated this week
- A preconfigured Velociraptor triage collector☆75Updated this week
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆801Jan 14, 2026Updated last month
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆421Aug 10, 2025Updated 6 months ago
- A collection of tools, scripts and personal research☆155Feb 2, 2026Updated last week
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated last month
- ReversingLabs YARA Rules☆895Nov 3, 2025Updated 3 months ago
- A specification and style guide for YARA rules☆66Feb 17, 2024Updated last year
- ☆12Feb 24, 2023Updated 2 years ago
- 🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS …☆13Mar 27, 2024Updated last year
- Hunt the windows Registry automatically using VQL☆13Jan 6, 2026Updated last month
- This Repository consists all Public Cheatsheets created by BlackPerl DFIR Content Team☆20Oct 9, 2024Updated last year