ThreatHunting
Threat Hunting App
A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
1k stars
63 watching
179 forks
last commit: over 1 year ago
Linked from 1 awesome list
dfirmitre-attacksplunkthreat-hunting
0x4d31/awesome-threat-detectionRelated projects:
| Repository | Description | Stars |
|---|---|---|
 west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
 inodee/threathunting-spl | Provides Splunk code and prototypes for building rules and queries to detect malicious activity | 268 |
 sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
 otrf/threathunter-playbook | A community-driven project providing shared detection logic and resources for threat hunting | 4,049 |
 threathuntingproject/threathunting | An informational repository providing resources and knowledge for detecting adversaries in IT environments. | 1,726 |
 ninoseki/mihari | An aggregator tool for querying multiple services to gather threat intelligence data. | 870 |
 miladaslaner/threathunt | A PowerShell repository to simulate and train threat hunting skills without malicious files. | 134 |
 gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
 matamorphosis/scrummage | A platform for searching and analyzing publicly available online data to detect potential security threats | 515 |
 sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
 netevert/sentinel-attack | A tool to quickly deploy a threat hunting capability on Azure Sentinel using Sysmon and MITRE ATT&CK | 1,062 |
 phantomcyber/playbooks | Community-developed playbooks and custom functions for Splunk SOAR threat hunting and incident response | 478 |
 sapphirex00/threat-hunting | A collection of threat intelligence resources and tools for analyzing APT malware | 257 |
 stamusnetworks/kts7 | Templates and dashboards for threat hunting with Suricata IDPS/NSM and the ELK 7 stack | 40 |