APT-Hunter

Event log analyzer

A tool to analyze Windows event logs for signs of APT attacks and malware activity.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

GitHub

1k stars
47 watching
238 forks
Language: Python
last commit: 16 days ago
Linked from 1 awesome list

apt-attacksforensic-analysisincident-responsepurpleteampython3threat-huntingwindows-event-logswindows-eventlog

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
reed1713/elat A toolset for analyzing Windows event logs to detect and analyze malware 29
sans-blue-team/deepbluecli A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. 2,190
yamato-security/wela Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. 763
airbus-cert/timeliner A tool for filtering and analyzing Windows event logs based on complex time-based conditions 36
antagon/tchunt-ng A tool that uses various tests to identify and analyze encrypted files on a filesystem. 52
fox-it/dissect.etl A parser for Windows kernel event log files 2
hasherezade/hollows_hunter Analyzes running processes to detect and dump malicious code 2,036
mvelazc0/oriana A tool for analyzing Windows event logs to identify potential security threats and suspicious behavior in corporate environments. 177
thiber-org/userline Automates analysis of Windows Security Events to identify user logon relations 240
williballenthin/python-evtx A Python module for parsing Windows Event Log files (.evtx) into structured data 732
erickramirezds/cass_log_tools A collection of scripts for analyzing and summarizing Apache Cassandra logs. 9
ydkhatri/mac_apt A digital forensics tool for analyzing macOS and iOS systems 783
fox-it/dissect.eventlog This is a Python module that parses Windows log file formats 6
miriamxyra/eventlist An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers. 370
jpcertcc/sysmonsearch Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. 417