Alternatives and similar repositories for Threat-Hunting-in-AWS

Users that are interested in Threat-Hunting-in-AWS are comparing it to the libraries listed below

• Yamato-Security / suzaku-rules

  View on GitHub
  ☆11Dec 9, 2025Updated 2 months ago
• nuryslyrt / AttackImaginator

  View on GitHub
  LLM Supported Attack Scenario Creator from Code Review
  ☆14Oct 22, 2024Updated last year
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing

  View on GitHub
  DNS Dashboard for hunting and identifying beaconing
  ☆16Jul 29, 2020Updated 5 years ago
• Cyb3r-Monk / Cheat-Sheets

  View on GitHub
  Cheat sheets for threat hunting, detection and other stuff.
  ☆34Oct 7, 2022Updated 3 years ago
• gsiddharth29 / Threat-Hunting

  View on GitHub
  Threat Hunt Investigation Methodology and Procedure
  ☆15Jul 11, 2022Updated 3 years ago
• sercasti / aws-hardening

  View on GitHub
  Best practices for hardening your AWS account, most of them are free
  ☆35Nov 1, 2023Updated 2 years ago
• chlaplan / MDE-Monitoring-App

  View on GitHub
  Troubleshooting MDE Workstations
  ☆42Jan 7, 2026Updated last month
• invictus-ir / Blue-team-app-Office-365-and-Azure

  View on GitHub
  ☆73Oct 21, 2024Updated last year
• svch0stz / TheThreatHuntLibrary

  View on GitHub
  Library of threat hunts to get any user started!
  ☆48Sep 4, 2020Updated 5 years ago
• kev365 / ToolFetcher

  View on GitHub
  A tool for fetching DFIR and other GitHub tools.
  ☆25Aug 2, 2025Updated 6 months ago
• RoqueNight / DefenderATP-Proactive-Threat-Hunting-Queries-KQL

  View on GitHub
  List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…
  ☆26Jun 30, 2021Updated 4 years ago
• wayfair-incubator / malicious-chrome-extension-scanner

  View on GitHub
  Collect chrome extensions from various devices and find out if they are malicious
  ☆24Jan 17, 2026Updated last month
• EmissarySpider / ransomware-descendants

  View on GitHub
  A repository dedicated to tracking ransomware families based on leaked builders.
  ☆22Apr 17, 2024Updated last year
• Ignitetechnologies / myfiles

  View on GitHub
  Notes only
  ☆19May 2, 2022Updated 3 years ago
• 5f0ne / pdf-examiner

  View on GitHub
  Provides an overview of the inner file structure of a PDF
  ☆24Sep 26, 2022Updated 3 years ago
• invictus-ir / Sigma-AWS

  View on GitHub
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Jul 12, 2023Updated 2 years ago
• JPCERTCC / jpcert-yara

  View on GitHub
  JPCERT/CC public YARA rules repository
  ☆108Nov 14, 2025Updated 3 months ago
• jakob-source / falcon-crowdstrike

  View on GitHub
  A collection of searches, interesting events and tables on Crowdstrike Splunk.
  ☆30Mar 2, 2021Updated 4 years ago
• ericw317 / TrailBytes

  View on GitHub
  Follow the trail of breadcrumbs left behind by any user on a computer or mounted disk image.
  ☆32Aug 28, 2025Updated 5 months ago
• PolitoInc / ELK-Hunting

  View on GitHub
  Threat Hunting with ELK Workshop (InfoSecWorld 2017)
  ☆65Oct 31, 2017Updated 8 years ago
• yoryio / ShodanFavicon

  View on GitHub
  List of MurmurHash3 favicon hashes of widely used technologies by vendor to search with Shodan.
  ☆35Apr 14, 2024Updated last year
• Dutchosintguy / OSINT-workshop-sans

  View on GitHub
  Links to materials referenced in the SANS Tech Tuesday workshop June 30,2020
  ☆29Oct 7, 2020Updated 5 years ago
• NikolisSecurity / PhantomID

  View on GitHub
  A powerful hardware ID spoofing tool designed to modify system identifiers for privacy and security purposes. Change MAC addresses, HWID,…
  ☆17Nov 26, 2025Updated 2 months ago
• cyb3rmik3 / Hunting-Lists

  View on GitHub
  A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
  ☆33Jul 23, 2024Updated last year
• LogRhythm-Services / Axon-Content

  View on GitHub
  Community content for LogRhythm Axon. Includes Dashboards, searches, analytics rules, processing policies and more.
  ☆10Jul 26, 2024Updated last year
• mf1d3l / Splunk4DFIR

  View on GitHub
  Harness the power of Splunk for your investigations
  ☆152Oct 11, 2025Updated 4 months ago
• Permiso-io-tools / cloudtail

  View on GitHub
  ☆30Jan 13, 2026Updated last month
• thremulation-station / thremulation-station

  View on GitHub
  Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
  ☆39Dec 17, 2025Updated 2 months ago
• paladin316 / ThreatHunting

  View on GitHub
  This repo is where I store my Threat Hunting ideas/content
  ☆88May 9, 2023Updated 2 years ago
• mandiant / mandiant_managed_hunting

  View on GitHub
  Azure Deployment Templates for Mandiant Managed Huning
  ☆12Jun 1, 2023Updated 2 years ago
• somethingnew2-0 / SimpleCSPM

  View on GitHub
  GCP CSPM using Google Sheets
  ☆38Apr 4, 2025Updated 10 months ago
• davidgracemann / Flossx83

  View on GitHub
  Card Payments Simulation Tool For Indie Devs : Core Card Switch Engine, Fraud Engine, ATM/POS GUI Simulator , Admin Dash (Real-time MSG …
  ☆19Jun 15, 2025Updated 8 months ago
• OMENScan / AChoirX

  View on GitHub
  ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing
  ☆41Feb 2, 2026Updated 2 weeks ago
• iKnowJavaScript / terraform-aws-vulne-soldier

  View on GitHub
  This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector finding…
  ☆50Jul 4, 2025Updated 7 months ago
• certmichelin / PTART

  View on GitHub
  ☆41Updated this week
• RiccardoAncarani / talks

  View on GitHub
  ☆43Jul 6, 2022Updated 3 years ago
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆155Oct 5, 2023Updated 2 years ago
• gbrembati / terraform-cloudguard-k8s-protection

  View on GitHub
  Project that creates a Kubernetes environment in Azure (AKS) and protects it with CloudGuard CSPM / Workload and Appsec technologies
  ☆10Jun 12, 2023Updated 2 years ago
• mrtouch93 / OSCPNotes

  View on GitHub
  Some notes written during my OSCP Journey (KeepNote project)
  ☆10Mar 2, 2020Updated 5 years ago