APT-Hunter
Event log analyzer
A tool to analyze Windows event logs for signs of APT attacks and malware activity.
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
1k stars
47 watching
239 forks
Language: Python
last commit: 15 days ago
Linked from 1 awesome list
apt-attacksforensic-analysisincident-responsepurpleteampython3threat-huntingwindows-event-logswindows-eventlog
meirwah/awesome-incident-responseRelated projects:
| Repository | Description | Stars |
|---|---|---|
 reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
 sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,188 |
 yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 763 |
 airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 36 |
 antagon/tchunt-ng | A tool that uses various tests to identify and analyze encrypted files on a filesystem. | 52 |
 fox-it/dissect.etl | A parser for Windows kernel event log files | 2 |
 hasherezade/hollows_hunter | Analyzes running processes to detect and dump malicious code | 2,032 |
 mvelazc0/oriana | A tool for analyzing Windows event logs to identify potential security threats and suspicious behavior in corporate environments. | 177 |
 thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |
 williballenthin/python-evtx | A Python module for parsing Windows Event Log files (.evtx) into structured data | 732 |
 erickramirezds/cass_log_tools | A collection of scripts for analyzing and summarizing Apache Cassandra logs. | 9 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 781 |
| fox-it/dissect.eventlog | This is a Python module that parses Windows log file formats | 6 |
 miriamxyra/eventlist | An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers. | 370 |
 jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |