kestrel-lang
Threat hunt workflow builder
A language and runtime framework for building reusable, composable threat hunting workflows using Python.
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
302 stars
16 watching
51 forks
Language: Python
last commit: 5 months ago cybersecurityhacktoberfestlanguagesecuritysecurity-automationsecurity-toolsthreatthreat-huntingthreat-intelligencethreatintel
Related projects:
| Repository | Description | Stars |
|---|---|---|
 sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
 opensourcesec/forager | A tool for gathering and managing threat intelligence data from various feeds. | 171 |
 matamorphosis/scrummage | A platform for searching and analyzing publicly available online data to detect potential security threats | 515 |
 otrf/threathunter-playbook | A community-driven project providing shared detection logic and resources for threat hunting | 4,049 |
 kevthehermit/pastehunter | Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,069 |
 thalesgroup-cert/watcher | Automated platform for discovering and analyzing cybersecurity threats targeting an organization | 869 |
 miladaslaner/threathunt | A PowerShell repository to simulate and train threat hunting skills without malicious files. | 134 |
 threathuntingproject/threathunting | An informational repository providing resources and knowledge for detecting adversaries in IT environments. | 1,726 |
 kunai-project/kunai | An eBPF-based tool for comprehensive Linux event monitoring and analysis | 403 |
 jpsenior/threataggregator | Automates aggregation of security threat data from various online sources | 80 |
 inquest/threatingestor | Extracts and aggregates threat intelligence from various sources | 836 |
 aboutsecurity/rastrea2r | A tool for hunting and tracking Internet of Things (IoT) security threats by collecting and analyzing indicators of compromise (IOCs) | 116 |
 gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
 ptr32void/ostrica | A framework to collect and visualize threat intelligence information from various sources in a flexible and plugin-based architecture. | 309 |