EventList

Hunting query generator

An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers.

EventList

GitHub

370 stars
33 watching
40 forks
Language: PowerShell
last commit: over 3 years ago

Related projects:

Repository Description Stars
bert-janp/hunting-queries-detection-rules Provides KQL queries for hunting and detection in security logs 1,257
kevthehermit/pastehunter Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. 1,065
cert-polska/mquery A web-based Yara query accelerator for malware analysis and digital forensics 413
a3sal0n/cyberthreathunting A collection of tools and resources for threat hunters to identify and respond to cyber threats. 856
opencybersecurityalliance/kestrel-lang A language and runtime framework for building reusable, composable threat hunting workflows using Python. 300
kasperskylab/klara Helps Threat Intelligence researchers hunt for new malware by efficiently scanning large collections of files with Yara rules 697
mhaggis/hunt-detect-prevent A collection of resources and tools for detecting and preventing malicious activity on Windows systems. 162
ahmedkhlief/apt-hunter A tool to analyze Windows event logs for signs of APT attacks and malware activity. 1,258
infocyte/pshunt A Powershell Threat Hunting Module designed to scan and survey remote endpoints for indicators of compromise or comprehensive system information. 279
ninoseki/mihari An aggregator tool for querying multiple services to gather threat intelligence data. 863
sapphirex00/threat-hunting A collection of threat intelligence resources and tools for analyzing APT malware 255
gossithedog/threathunting Tools and rules for detecting malicious domain calls in endpoint malware 568
alienvault-otx/yabin Generates Yara signatures for identifying malware code similarities 157
west-wind/threat-hunting-with-splunk Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs 57
olafhartong/threathunting A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework 1,139