Browse 657 threat hunting tools
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A collection of YARA rules for research and hunting purposes.
A tool for visualizing correspondences between a YARA ruleset and the samples it matches.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Enterprise endpoint security with EDR, anti-ransomware, and behavior blocking.
FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
AI-powered endpoint security with a prevention-first approach and EDR capabilities.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
Unified cybersecurity platform with XDR, EDR, PAM, email security, and compliance.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
XDR platform with EDR, NGAV, MDR, threat hunting, and incident response.
Collection of YARA signatures from recent malware research.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.