opencybersecurityalliance/kestrel-huntbook external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

opencybersecurityalliance/kestrel-huntbook

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/opencybersecurityalliance/kestrel-huntbook)

Close

opencybersecurityalliance / kestrel-huntbookView on GitHubMore

• External links
• Readme badge

This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)

☆37Jan 2, 2024Updated 2 years ago

Alternatives and similar repositories for kestrel-huntbook

Users that are interested in kestrel-huntbook are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• opencybersecurityalliance / kestrel-analytics

  View on GitHub
  This repository hosts community contributed Kestrel analytics
  ☆18May 28, 2024Updated last year
• opencybersecurityalliance / kestrel-jupyter

  View on GitHub
  Kestrel Jupyter Notebook Kernel
  ☆10Oct 19, 2023Updated 2 years ago
• opencybersecurityalliance / firepit

  View on GitHub
  Firepit - STIX Columnar Storage
  ☆18Jun 5, 2024Updated last year
• opencybersecurityalliance / kestrel-lang

  View on GitHub
  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
  ☆326Sep 27, 2024Updated last year
• opencybersecurityalliance / PACE

  View on GitHub
  Posture Attribute Collection and Evaluation
  ☆23Jun 20, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• opencybersecurityalliance / stix-shifter

  View on GitHub
  This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return resul…
  ☆262Apr 8, 2026Updated last week
• Azure / forensics

  View on GitHub
  ☆12Mar 28, 2026Updated 3 weeks ago
• Antonlovesdnb / SANSTHS2021

  View on GitHub
  Hunting Malicious Macros SANS Threathunting Summit 2021 Materials
  ☆39Oct 9, 2021Updated 4 years ago
• topher-lo / hunts

  View on GitHub
  🐻‍❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
  ☆14May 22, 2024Updated last year
• WithSecureLabs / lazarus-sigma-rules

  View on GitHub
  ☆19Oct 23, 2020Updated 5 years ago
• turbot / steampipe-plugin-virustotal

  View on GitHub
  Use SQL to instantly query file, domain, URL and IP scanning results from VirusTotal.
  ☆23Apr 10, 2026Updated last week
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing

  View on GitHub
  DNS Dashboard for hunting and identifying beaconing
  ☆17Jul 29, 2020Updated 5 years ago
• DissectMalware / npp-langs-4-sec

  View on GitHub
  Notepad++ Syntax Highlighting for Languages Used by Cyber Security Professionals
  ☆14May 31, 2020Updated 5 years ago
• W-GOULD / ssh-user-enumeration

  View on GitHub
  ssh user enumeration
  ☆12Mar 21, 2023Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 6 years ago
• X-Junior / Malware-IDAPython-Scripts

  View on GitHub
  ☆23May 23, 2024Updated last year
• tiburon-security / sriracha-iq

  View on GitHub
  Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…
  ☆18Apr 10, 2020Updated 6 years ago
• whiterabb17 / SpyCore

  View on GitHub
  SpyCore - Windows Malicious FIle Scanner (Distributes)
  ☆14Jun 10, 2023Updated 2 years ago
• edelucia / rules

  View on GitHub
  Cyber Threats Detection Rules
  ☆14Sep 16, 2025Updated 7 months ago
• salesforce / multithreaded-exfil-detection

  View on GitHub
  A simple way of detecting multithreaded exfiltration in Zeek.
  ☆15May 1, 2025Updated 11 months ago
• Apxaey / Begineer-Friendly-Inline-Hooking-x86

  View on GitHub
  https://www.youtube.com/watch?v=qsjGj_L1kyo
  ☆10Jul 29, 2021Updated 4 years ago
• 401trg / detections

  View on GitHub
  This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…
  ☆120Apr 14, 2021Updated 5 years ago
• turbot / steampipe-plugin-steampipe

  View on GitHub
  Use SQL to instantly query plugin metadata from the Steampipe Hub. Open source CLI. No DB required.
  ☆12Mar 25, 2026Updated 3 weeks ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• opencybersecurityalliance / documentation

  View on GitHub
  OCA-wide documentation shared by all sub-projects and repositories
  ☆33Oct 31, 2024Updated last year
• cloudquery / cq-provider-azure

  View on GitHub
  CloudQuery Provider for Azure
  ☆13Aug 15, 2022Updated 3 years ago
• deadbits / yara-rules

  View on GitHub
  Collection of YARA signatures from individual research
  ☆44Nov 20, 2023Updated 2 years ago
• Neg9 / namedrop

  View on GitHub
  Fast asynchronous DNS Scanner/bruteforcer
  ☆18Jun 11, 2011Updated 14 years ago
• 3CORESec / Automata

  View on GitHub
  Automatic detection engineering technical state compliance
  ☆55Jul 7, 2024Updated last year
• IllusiveNetworks-Labs / HistoricProcessTree

  View on GitHub
  An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…
  ☆60Jan 30, 2018Updated 8 years ago
• swisscom / PowerSponse

  View on GitHub
  PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
  ☆40Mar 18, 2022Updated 4 years ago
• wightsci / MessageTableReader

  View on GitHub
  Read Windows message table entries.
  ☆11Feb 5, 2023Updated 3 years ago
• deependresearch / hoard

  View on GitHub
  Historical Observations of Actionable Reputation Data
  ☆13Jun 26, 2018Updated 7 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• MII-Cybersec / Threat-Hunting-Notebook

  View on GitHub
  Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes
  ☆22Jun 15, 2022Updated 3 years ago
• treyka / threaty_threatego

  View on GitHub
  Maltego entity pack encompassing the entire STIX 1.2 data model and a targeted subset of the CybOX 2.1 data model
  ☆11Mar 24, 2016Updated 10 years ago
• harleyQu1nn / ApplicationWhitelistBypassTechniques

  View on GitHub
  A Catalog of Application Whitelisting Bypass Techniques
  ☆11Jul 14, 2017Updated 8 years ago
• sisoc-tokyo / Real-timeDetectionAD_journal

  View on GitHub
  ☆24Mar 19, 2020Updated 6 years ago
• fboldewin / YARA_Detection_Engineering

  View on GitHub
  Detection Engineering with YARA
  ☆87Jan 6, 2024Updated 2 years ago
• nccgroup / JA3_outlier

  View on GitHub
  Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
  ☆17Aug 10, 2022Updated 3 years ago
• egaus / malicious_url_analysis

  View on GitHub
  ☆18Jun 8, 2018Updated 7 years ago