kestrel-lang
Threat hunt workflow builder
A language and runtime framework for building reusable, composable threat hunting workflows using Python.
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
302 stars
16 watching
51 forks
Language: Python
last commit: 5 months ago cybersecurityhacktoberfestlanguagesecuritysecurity-automationsecurity-toolsthreatthreat-huntingthreat-intelligencethreatintel
Related projects:
Repository | Description | Stars |
---|---|---|
| A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
| A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
| A tool for gathering and managing threat intelligence data from various feeds. | 171 |
| A platform for searching and analyzing publicly available online data to detect potential security threats | 515 |
| A community-driven project providing shared detection logic and resources for threat hunting | 4,049 |
| Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,069 |
| Automated platform for discovering and analyzing cybersecurity threats targeting an organization | 869 |
| A PowerShell repository to simulate and train threat hunting skills without malicious files. | 134 |
| An informational repository providing resources and knowledge for detecting adversaries in IT environments. | 1,726 |
| An eBPF-based tool for comprehensive Linux event monitoring and analysis | 403 |
| Automates aggregation of security threat data from various online sources | 80 |
| Extracts and aggregates threat intelligence from various sources | 836 |
| A tool for hunting and tracking Internet of Things (IoT) security threats by collecting and analyzing indicators of compromise (IOCs) | 116 |
| Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
| A framework to collect and visualize threat intelligence information from various sources in a flexible and plugin-based architecture. | 309 |