EventList
Hunting query generator
An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers.
370 stars
33 watching
40 forks
Language: PowerShell
Last commit: over 3 years ago

Related projects:
| Repository | Description | Stars |
|---|---|---|
| bert-janp/hunting-queries-detection-rules | Provides KQL queries for hunting and detection in security logs. | 1,257 |
| kevthehermit/pastehunter | Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,065 |
| cert-polska/mquery | A web-based Yara query accelerator for malware analysis and digital forensics. | 413 |
| a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 856 |
| opencybersecurityalliance/kestrel-lang | A language and runtime framework for building reusable, composable threat hunting workflows using Python. | 300 |
| kasperskylab/klara | Helps Threat Intelligence researchers hunt for new malware by efficiently scanning large collections of files with Yara rules. | 697 |
| mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
| ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,258 |
| infocyte/pshunt | A PowerShell threat hunting module designed to scan and survey remote endpoints for indicators of compromise or comprehensive system information. | 279 |
| ninoseki/mihari | An aggregator tool for querying multiple services to gather threat intelligence data. | 863 |
| sapphirex00/threat-hunting | A collection of threat intelligence resources and tools for analyzing APT malware. | 255 |
| gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware. | 568 |
| alienvault-otx/yabin | Generates Yara signatures for identifying malware code similarities. | 157 |
| west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs. | 57 |
| olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework. | 1,139 |