Sysmon configuration file template with default high-quality event tracing
Updated Jul 3, 2024
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
The Hunting ELK
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
YARA signature and IOC database for my scanners and tools
A repository of sysmon configuration modules
Interesting APT Report Collection And Some Special IOC
A curated list of awesome YARA rules, tools, and people.
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Malwoverview is a first-response tool for threat hunting that offers intel from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and can scan Android devices against VT.
IntelOwl: manage your Threat Intelligence at scale
Windows Events Attack Samples
Your Everyday Threat Intelligence
A Suricata based IDS/IPS/NSM distro
Clusters and elements to attach to MISP events or attributes (like threat actors)
Real-time HTTP Intrusion Detection
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.