topher-lo / hunts
Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
★ 13 · Updated last year
Alternatives and similar repositories for hunts
Users that are interested in hunts are comparing it to the libraries listed below
- ★ 11 · updated last month
- Open-source Fabric templates for cybersecurity and compliance · ★ 28 · updated last year
- An example of how to deploy a Detection as Code pipeline using Sigma rules, Sigmac, GitLab CI, and Splunk. · ★ 59 · updated 3 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… · ★ 52 · updated last week
- ★ 101 · updated last month
- Simple web app for converting Sigma rules into SIEM queries using the pySigma library · ★ 51 · updated 2 years ago
- Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle. · ★ 79 · updated this week
- Turn any blog into structured threat intelligence. · ★ 43 · updated last week
- This repository includes a mapping table and a reference process that allow converting between STIX 2.1 Course of Action objects that ma… · ★ 16 · updated 3 years ago
- A pySigma wrapper and LangChain toolkit for automatic rule creation/translation · ★ 90 · updated 2 months ago
- Short deep dive into threat hunting on AWS · ★ 17 · updated 2 years ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan · ★ 29 · updated 3 years ago
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" JSON files. · ★ 36 · updated 3 years ago
- ★ 51 · updated last month
- Automatic detection engineering technical state compliance · ★ 55 · updated last year
- Workflows for Shuffle · ★ 24 · updated 3 years ago
- Convert Sigma rules to SIEM queries, directly in your browser. · ★ 107 · updated last month
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. · ★ 67 · updated 4 months ago
- Pocket guide for core detection engineering concepts · ★ 31 · updated 2 years ago
- Library of threat hunts to get any user started! · ★ 45 · updated 5 years ago
- A new Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) to empower your team and create lasting value. Inspired by Industry N… · ★ 41 · updated 8 months ago
- A collection of tips for using MISP. · ★ 75 · updated last year
- Sigma detection rules for hunting with the threathunting-keywords project · ★ 57 · updated 10 months ago
- Scripts to integrate DFIR-IRIS, MISP and Timesketch · ★ 34 · updated 3 years ago
- This repository hosts community-contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) · ★ 36 · updated 2 years ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts and subsequent compromise · ★ 67 · updated last year
- Repo for experimenting and testing MCP server builds for CTI-related research. · ★ 27 · updated 8 months ago
- Cyber Threat Intelligence · ★ 73 · updated last month
- This repository contains the research and components of our work on using Sigma for AWS incident response. · ★ 31 · updated 2 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 · ★ 23 · updated last year