topher-lo / hunts
🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
☆14 · May 22, 2024 · Updated last year
Alternatives and similar repositories for hunts
Users that are interested in hunts are comparing it to the libraries listed below
- ☆11 · Dec 9, 2025 · Updated 2 months ago
- Collect AWS logs and query them instantly with SQL! Open source CLI. No DB required. ☆16 · Updated this week
- Storage for the IOCs I collect ☆11 · Mar 26, 2025 · Updated 10 months ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- ☆15 · Aug 31, 2023 · Updated 2 years ago
- Data perimeter helper is a tool that helps you design and anticipate the impact of your data perimeter controls ☆17 · Jan 21, 2026 · Updated 3 weeks ago
- Turn any blog into structured threat intelligence. ☆52 · Updated this week
- ☆30 · Jan 13, 2026 · Updated last month
- An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as… ☆67 · Jul 6, 2025 · Updated 7 months ago
- ☆17 · Sep 29, 2023 · Updated 2 years ago
- ☆18 · Dec 20, 2024 · Updated last year
- Firepit - STIX Columnar Storage ☆17 · Jun 5, 2024 · Updated last year
- JavaScript for Automation (JXA) version of Patrick Wardle's tool that searches applications for dylib hijacking opportunities ☆21 · Aug 6, 2019 · Updated 6 years ago
- Convert Sigma rules to SIEM queries, directly in your browser. ☆110 · Jan 24, 2026 · Updated 3 weeks ago
- CocktailParty is a data broker system based on the Phoenix framework ☆23 · Apr 23, 2025 · Updated 9 months ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆60 · Jun 7, 2022 · Updated 3 years ago
- Repo for experimenting and testing MCP server builds for CTI-related research. ☆27 · May 13, 2025 · Updated 9 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆115 · Oct 29, 2024 · Updated last year
- A public repository of MITRE ATT&CK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs. ☆27 · Mar 20, 2025 · Updated 10 months ago
- A dataset with CloudTrail events from an attack simulation using Stratus. ☆24 · Jul 12, 2023 · Updated 2 years ago
- IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics ☆190 · Apr 24, 2025 · Updated 9 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, GitLab CI, and Splunk. ☆60 · Mar 12, 2022 · Updated 3 years ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆68 · Apr 29, 2024 · Updated last year
- A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries. ☆33 · Jul 23, 2024 · Updated last year
- A Hubot instance that's here to protect you. ☆11 · Jun 20, 2025 · Updated 7 months ago
- Pocket guide for core detection engineering concepts ☆31 · May 8, 2023 · Updated 2 years ago
- Windows Security Logging ☆43 · Jul 17, 2022 · Updated 3 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) ☆37 · Jan 2, 2024 · Updated 2 years ago
- AIL project training materials ☆39 · Jul 17, 2025 · Updated 6 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆80 · Jan 6, 2026 · Updated last month
- A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite. ☆58 · May 1, 2015 · Updated 10 years ago
- STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling ☆33 · Dec 9, 2024 · Updated last year
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆86 · Dec 17, 2025 · Updated last month
- Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format. ☆81 · Jan 8, 2026 · Updated last month
- Import specific data sources into the Sigma generic and open signature format. ☆79 · May 6, 2022 · Updated 3 years ago
- Paste a URL, get a design system. AI-ready style guides for Cursor & Lovable. ☆26 · Dec 20, 2025 · Updated last month
- OpenCTI Add-On for Splunk ☆13 · Jan 13, 2026 · Updated last month
- CloudPathSniffer is an open-source, easy to use and extensible Cloud Anomaly Detection platform designed to help security teams to find h… ☆13 · Nov 30, 2023 · Updated 2 years ago
- Card Payments Simulation Tool For Indie Devs: Core Card Switch Engine, Fraud Engine, ATM/POS GUI Simulator, Admin Dash (Real-time MSG … ☆19 · Jun 15, 2025 · Updated 8 months ago