ThreatHunter-Playbook
Threat Hunter
A community-driven project providing shared detection logic and resources for threat hunting
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
4k stars
372 watching
808 forks
Language: Python
last commit: 9 months ago
Linked from 4 awesome lists
dfirhunterhuntinghunting-campaignshypothesismitremitre-attack-dbsysmonthreat-hunting
hack-with-github/awesome-hacking
meirwah/awesome-incident-response
0x4d31/awesome-threat-detection
netanmangal/awesome-hackingRelated projects:
| Repository | Description | Stars |
|---|---|---|
 threathuntingproject/threathunting | An informational repository providing resources and knowledge for detecting adversaries in IT environments. | 1,722 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 855 |
 matamorphosis/scrummage | A platform for searching and analyzing publicly available online data to detect potential security threats | 512 |
 ninoseki/mihari | An aggregator tool for querying multiple services to gather threat intelligence data. | 863 |
 miladaslaner/threathunt | A PowerShell repository to simulate and train threat hunting skills without malicious files. | 134 |
 opencybersecurityalliance/kestrel-lang | A language and runtime framework for building reusable, composable threat hunting workflows using Python. | 300 |
 olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,138 |
 inquest/threatingestor | Extracts and aggregates threat intelligence from various sources | 831 |
 sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
| otrf/security-datasets | Provides a repository of security event datasets to support threat research and analysis | 1,603 |
 gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 568 |
 aboutsecurity/rastrea2r | A tool for hunting and tracking Internet of Things (IoT) security threats by collecting and analyzing indicators of compromise (IOCs) | 116 |
 kunai-project/kunai | A Linux-based threat-hunting tool that monitors system events and provides real-time security insights | 390 |
 sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
 phantomcyber/playbooks | Community-developed playbooks and custom functions for Splunk SOAR threat hunting and incident response | 472 |