Threat Hunting
Threat hunting tools and platforms for proactive threat detection, advanced persistent threat (APT) discovery, and security investigation.
Browse 84 threat hunting tools
FEATURED
RELATED TASKS
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
A repository to aid Windows threat hunters in looking for common artifacts.
A repository to aid Windows threat hunters in looking for common artifacts.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
A powerful tool for searching and scraping data from GitHub
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
A tool for creating custom detection rules from YAML input
Repository for detection content with various types of rules and payloads.
Repository for detection content with various types of rules and payloads.
A collection of YARA rules for research and hunting purposes.
A set of interrelated detection rules for improving detection and hunting visibility and context
A set of interrelated detection rules for improving detection and hunting visibility and context
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
YARA rules for ProcFilter to detect malware and threats
Tool for visualizing correspondences between YARA ruleset and samples
Tool for visualizing correspondences between YARA ruleset and samples
YARA extension for Visual Studio Code with code completion and snippets
YARA extension for Visual Studio Code with code completion and snippets
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Threat Hunting Tools - FAQ
Common questions about Threat Hunting tools including selection guides, pricing, and comparisons.
Threat hunting tools and platforms for proactive threat detection, advanced persistent threat (APT) discovery, and security investigation.
