EventList
Hunting query generator
An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers.
EventList
370 stars
33 watching
40 forks
Language: PowerShell
last commit: over 3 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 bert-janp/hunting-queries-detection-rules | Provides KQL queries for hunting and detection in security logs | 1,257 |
 kevthehermit/pastehunter | Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,065 |
 cert-polska/mquery | A web-based Yara query accelerator for malware analysis and digital forensics | 413 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 855 |
 opencybersecurityalliance/kestrel-lang | A language and runtime framework for building reusable, composable threat hunting workflows using Python. | 300 |
 kasperskylab/klara | Helps Threat Intelligence researchers hunt for new malware by efficiently scanning large collections of files with Yara rules | 697 |
 mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
 ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,255 |
 infocyte/pshunt | A Powershell Threat Hunting Module designed to scan and survey remote endpoints for indicators of compromise or comprehensive system information. | 279 |
 ninoseki/mihari | An aggregator tool for querying multiple services to gather threat intelligence data. | 863 |
 sapphirex00/threat-hunting | A collection of threat intelligence resources and tools for analyzing APT malware | 255 |
 gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 568 |
 alienvault-otx/yabin | Generates Yara signatures for identifying malware code similarities | 157 |
 west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 57 |
 olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,138 |