opencybersecurityalliance/kestrel-huntbook external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

opencybersecurityalliance/kestrel-huntbook

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/opencybersecurityalliance/kestrel-huntbook)

Close

opencybersecurityalliance / kestrel-huntbookView on GitHubMore

• External links
• Readme badge

This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)

☆37Jan 2, 2024Updated 2 years ago

Alternatives and similar repositories for kestrel-huntbook

Users that are interested in kestrel-huntbook are comparing it to the libraries listed below

• opencybersecurityalliance / kestrel-analytics

  View on GitHub
  This repository hosts community contributed Kestrel analytics
  ☆18May 28, 2024Updated last year
• opencybersecurityalliance / kestrel-lang

  View on GitHub
  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
  ☆324Sep 27, 2024Updated last year
• opencybersecurityalliance / kestrel-jupyter

  View on GitHub
  Kestrel Jupyter Notebook Kernel
  ☆10Oct 19, 2023Updated 2 years ago
• opencybersecurityalliance / firepit

  View on GitHub
  Firepit - STIX Columnar Storage
  ☆18Jun 5, 2024Updated last year
• WithSecureLabs / lazarus-sigma-rules

  View on GitHub
  ☆19Oct 23, 2020Updated 5 years ago
• scottleyg / SecOpsSamples

  View on GitHub
  Sample SecOps scripts and Utilities
  ☆12Jun 19, 2024Updated last year
• opencybersecurityalliance / stix-shifter

  View on GitHub
  This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return resul…
  ☆261Feb 27, 2026Updated last week
• opencybersecurityalliance / PACE

  View on GitHub
  Posture Attribute Collection and Evaluation
  ☆23Jun 20, 2023Updated 2 years ago
• Azure / forensics

  View on GitHub
  ☆12Feb 9, 2025Updated last year
• Antonlovesdnb / SANSTHS2021

  View on GitHub
  Hunting Malicious Macros SANS Threathunting Summit 2021 Materials
  ☆39Oct 9, 2021Updated 4 years ago
• salesforce / multithreaded-exfil-detection

  View on GitHub
  A simple way of detecting multithreaded exfiltration in Zeek.
  ☆15May 1, 2025Updated 10 months ago
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 5 years ago
• DCSO / Blog_CyTec

  View on GitHub
  Repository to provide files related to our blog articles.
  ☆16May 26, 2025Updated 9 months ago
• edelucia / rules

  View on GitHub
  Cyber Threats Detection Rules
  ☆14Sep 16, 2025Updated 5 months ago
• opendxl / opendxl-broker

  View on GitHub
  OpenDXL Broker is an open source version of a Data Exchange Layer (DXL) broker
  ☆14Feb 11, 2024Updated 2 years ago
• nccgroup / JA3_outlier

  View on GitHub
  Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
  ☆16Aug 10, 2022Updated 3 years ago
• egaus / malicious_url_analysis

  View on GitHub
  ☆18Jun 8, 2018Updated 7 years ago
• tiburon-security / sriracha-iq

  View on GitHub
  Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…
  ☆18Apr 10, 2020Updated 5 years ago
• MII-Cybersec / Threat-Hunting-Notebook

  View on GitHub
  Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes
  ☆22Jun 15, 2022Updated 3 years ago
• optiv / BadOutlook

  View on GitHub
  (kinda) Malicious Outlook Reader
  ☆19Mar 2, 2021Updated 5 years ago
• fboldewin / YARA_Detection_Engineering

  View on GitHub
  Detection Engineering with YARA
  ☆87Jan 6, 2024Updated 2 years ago
• deadbits / yara-rules

  View on GitHub
  Collection of YARA signatures from individual research
  ☆44Nov 20, 2023Updated 2 years ago
• mandiant / pycommands

  View on GitHub
  PyCommand Scripts for Immunity Debugger
  ☆37Jun 21, 2014Updated 11 years ago
• turbot / steampipe-plugin-virustotal

  View on GitHub
  Use SQL to instantly query file, domain, URL and IP scanning results from VirusTotal.
  ☆23Oct 13, 2025Updated 4 months ago
• mitre / CICAT

  View on GitHub
  ☆19Oct 30, 2020Updated 5 years ago
• nttcom / metemcyber

  View on GitHub
  Decentralized Cyber Threat Intelligence Kaizen Framework
  ☆27Jan 31, 2022Updated 4 years ago
• opencybersecurityalliance / oasis-open-project

  View on GitHub
  Information relating to the governance of the Open Cybersecurity Alliance (OCA) OASIS Open Project. https://github.com/opencybersecuritya…
  ☆29Feb 23, 2026Updated last week
• sbousseaden / macOS-ATTACK-DATASET

  View on GitHub
  JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
  ☆158Sep 10, 2021Updated 4 years ago
• sisoc-tokyo / Real-timeDetectionAD_journal

  View on GitHub
  ☆24Mar 19, 2020Updated 5 years ago
• 3CORESec / Automata

  View on GitHub
  Automatic detection engineering technical state compliance
  ☆55Jul 7, 2024Updated last year
• hm-seclab / YAFRA

  View on GitHub
  YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
  ☆27Dec 14, 2021Updated 4 years ago
• LivingInSyn / RMML

  View on GitHub
  A list of RMMs designed to be used in automation to build alerts
  ☆117Nov 9, 2025Updated 3 months ago
• 401trg / detections

  View on GitHub
  This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…
  ☆120Apr 14, 2021Updated 4 years ago
• west-wind / Threat-Hunting-With-Splunk

  View on GitHub
  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
  ☆68Apr 29, 2024Updated last year
• opencybersecurityalliance / documentation

  View on GitHub
  OCA-wide documentation shared by all sub-projects and repositories
  ☆33Oct 31, 2024Updated last year
• tropChaud / Cyber-Adversary-Heatmaps

  View on GitHub
  Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.
  ☆36Aug 12, 2022Updated 3 years ago
• Cyb3r-Monk / Threat-Hunting-and-Detection

  View on GitHub
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆803Jan 14, 2026Updated last month
• whichbuffer / Lockbit-Black-3.0

  View on GitHub
  ☆27Jul 11, 2022Updated 3 years ago
• sebdraven / IOCmite

  View on GitHub
  Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert
  ☆37Nov 9, 2022Updated 3 years ago