Threat hunting tools and platforms for proactive threat detection, advanced persistent threat (APT) discovery, and security investigation.
Browse 84 threat hunting tools
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Curated datasets for developing and testing detections in SIEM installations.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
A reference guide listing 44 advanced Google search operators for enhanced search filtering and precision in information gathering activities.
A framework for improving detection strategies and alert efficacy.
A web-based manager for Yara rules, allowing for storage, editing, and management of Yara rules.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
A simple maturity model for enterprise detection and response.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to the MITRE ATT&CK framework for threat hunting and detection development.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
Automatically curate open-source Yara rules and run scans with YAYA.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Define and validate YARA rule metadata with CCCS YARA Specification.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
Companion repository for deploying osquery in a production environment with tailored query packs.
Visualize and analyze network relationships with AfterGlow.
PowerShell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
Official repository of YARA rules for threat detection and hunting.
A network recon framework including tools for passive and active recon.
Fast suspicious file finder for threat hunting and live forensics.