Threat Hunting

An investigative analytics platform that uses machine learning to fuse and analyze data from multiple sources, enabling security organizations to extract insights and identify patterns for threat prevention and complex investigations.

An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.

Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.

A tool for adding new lines to files, skipping duplicates.

A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.

A comprehensive resource for threat hunting in Active Directory environments, covering tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity.

A powerful OSINT tool for creating custom templates for data extraction and analysis

A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.

YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

Modular Threat Hunting Tool & Framework

A free and open-source OSINT framework for gathering and analyzing data from various sources

A collection of tools and resources for threat hunters.

A Go client to communicate with Chaos DB API

A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.

A repository to aid Windows threat hunters in looking for common artifacts.

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

A Profiling Method for SSH Clients and Servers.

A powerful tool for searching and scraping data from GitHub

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.

A Splunk app mapped to MITRE ATT&CK to guide threat hunts.