EventList
Hunting query generator
An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers.
370 stars
33 watching
40 forks
Language: PowerShell
last commit: almost 4 years ago

Related projects:

| Repository | Description | Stars |
|---|---|---|
| Provides KQL queries for hunting and detection in security logs | 1,292 |
| Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,069 |
| A web-based Yara query accelerator for malware analysis and digital forensics | 417 |
| A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
| A language and runtime framework for building reusable, composable threat hunting workflows using Python. | 302 |
| Helps Threat Intelligence researchers hunt for new malware by efficiently scanning large collections of files with Yara rules | 698 |
| A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
| A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,265 |
| A PowerShell threat hunting module designed to scan and survey remote endpoints for indicators of compromise or comprehensive system information. | 280 |
| An aggregator tool for querying multiple services to gather threat intelligence data. | 870 |
| A collection of threat intelligence resources and tools for analyzing APT malware | 257 |
| Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
| Generates Yara signatures for identifying malware code similarities | 158 |
| Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
| A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,141 |