Some Threat Hunting queries useful for blue teamers
☆132May 13, 2022Updated 3 years ago
Alternatives and similar repositories for Threat_Hunting
Users that are interested in Threat_Hunting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This repository is a comprehensive collection of resources, documentation, apps, and add-ons related to Splunk, a powerful data analytics…☆24Apr 5, 2026Updated last week
- Random scripts for azure stuff☆14Oct 12, 2022Updated 3 years ago
- F-Secure Lightweight Acqusition for Incident Response (FLAIR)☆16Jul 5, 2021Updated 4 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆808Jan 14, 2026Updated 3 months ago
- ☆12Nov 3, 2020Updated 5 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- SPL cheatsheet for Splunk.☆26Dec 2, 2022Updated 3 years ago
- A fast library for parsing and importing Windows Event Logs into Elasticsearch.☆86Mar 30, 2026Updated 2 weeks ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 4 months ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆788Oct 29, 2022Updated 3 years ago
- Encyclopedia for Executables☆478Nov 9, 2021Updated 4 years ago
- This is a collection of threat detection rules / rules engines that I have come across.☆298May 5, 2024Updated last year
- ☆16Oct 18, 2024Updated last year
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- Hunting Queries for Defender ATP☆83Apr 1, 2026Updated 2 weeks ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Splunk code (SPL) for serious threat hunters and detection engineers.☆292Jan 15, 2024Updated 2 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆251Jul 19, 2021Updated 4 years ago
- Scripts and Lambdas to help with automated deployment of AWS Shield Advanced☆12Feb 11, 2022Updated 4 years ago
- Conduct forensic investigation of suspicious domains, websites and other dangerous thing without the fear of being infected! A Live opera…☆18Jun 27, 2022Updated 3 years ago
- Threat Hunting Malware Infrastructure☆11Dec 3, 2023Updated 2 years ago
- Public repository for Red Canary Research☆38Oct 29, 2020Updated 5 years ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,679Apr 3, 2026Updated last week
- Quick network scanner library. https://crates.io/crates/qscan☆93Dec 26, 2022Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- An open-source self-hosted purple team management web application.☆303Feb 15, 2026Updated 2 months ago
- Tool to rip system and user data from OSX and macOS☆16Dec 6, 2022Updated 3 years ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆98Apr 7, 2026Updated last week
- ☆20May 10, 2023Updated 2 years ago
- Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!☆13Jun 5, 2023Updated 2 years ago
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆488Nov 22, 2024Updated last year
- Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses.☆31Nov 6, 2023Updated 2 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆649Nov 7, 2025Updated 5 months ago
- ☆19Oct 23, 2020Updated 5 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Serverless AWS application to upload and hash evidence files.☆23Oct 26, 2022Updated 3 years ago
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆549Sep 2, 2022Updated 3 years ago
- Bash script for CTF automating basic enumeration☆41Mar 1, 2022Updated 4 years ago
- This repository contains Community and Field contributed content for LogScale☆330Apr 1, 2026Updated 2 weeks ago
- pocket guide for core threat hunting concepts☆23May 6, 2020Updated 5 years ago
- GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]☆1,551Jul 28, 2024Updated last year
- An informational repo about hunting for adversaries in your IT environment.☆1,860Nov 17, 2021Updated 4 years ago