Some Threat Hunting queries useful for blue teamers
☆132May 13, 2022Updated 3 years ago
Alternatives and similar repositories for Threat_Hunting
Users that are interested in Threat_Hunting are comparing it to the libraries listed below
Sorting:
- Hunting Queries for Defender ATP☆83Dec 14, 2025Updated 2 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- F-Secure Lightweight Acqusition for Incident Response (FLAIR)☆16Jul 5, 2021Updated 4 years ago
- Random scripts for azure stuff☆14Oct 12, 2022Updated 3 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 3 months ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- ☆16Oct 18, 2024Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆803Jan 14, 2026Updated last month
- Automated Cloud Misconfiguration Testing☆22Jun 20, 2025Updated 8 months ago
- This repository contains a graphical representation (Mind maps) of specific topics, so one can utilize it as a handbook for that specific…☆17Feb 10, 2022Updated 4 years ago
- Tool to rip system and user data from OSX and macOS☆16Dec 6, 2022Updated 3 years ago
- Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses.☆31Nov 6, 2023Updated 2 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆86Jun 23, 2025Updated 8 months ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,642Feb 27, 2026Updated last week
- SPL cheatsheet for Splunk.☆26Dec 2, 2022Updated 3 years ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆94Jun 28, 2025Updated 8 months ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆790Oct 29, 2022Updated 3 years ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- An open-source self-hosted purple team management web application.☆304Feb 15, 2026Updated 3 weeks ago
- This is a collection of threat detection rules / rules engines that I have come across.☆296May 5, 2024Updated last year
- A collection of intelligence about Log4Shell and its exploitation activity.☆184Mar 4, 2022Updated 4 years ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- Security Content for the PEAK Threat Hunting Framework☆44Feb 15, 2024Updated 2 years ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆258Nov 24, 2023Updated 2 years ago
- Encyclopedia for Executables☆472Nov 9, 2021Updated 4 years ago
- This repository is a comprehensive collection of resources, documentation, apps, and add-ons related to Splunk, a powerful data analytics…☆24Feb 16, 2026Updated 3 weeks ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 2 months ago
- Tool for scanning domains for .git directories.☆17Oct 2, 2023Updated 2 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆290Jan 15, 2024Updated 2 years ago
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense…☆74Jun 28, 2021Updated 4 years ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆779Feb 3, 2023Updated 3 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆647Nov 7, 2025Updated 4 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- ☆18Mar 26, 2024Updated last year
- Script for Reconnaissance(Bug Bounty)☆18May 15, 2022Updated 3 years ago
- Quick network scanner library. https://crates.io/crates/qscan☆92Dec 26, 2022Updated 3 years ago
- ☆24Mar 20, 2023Updated 2 years ago
- Presentation materials for talks I've given.☆20Oct 14, 2019Updated 6 years ago
- ☆512Oct 7, 2024Updated last year