DeepBlueCLI
A PowerShell module for threat hunting via Windows Event Logs
TIH is an intelligence tool that helps you search for IOCs across multiple openly available security feeds and some well-known APIs. The idea behind the tool is to make it easy to search for and store frequently added IOCs in order to build your own set of indicators. Requirements: Python 2.7, Argparse, Requests, API keys from VirusTotal and URLVoid. Features: local storage of threat feeds, checking an IP against existing threat feeds and your local database, checking a bulk IP address list, checking an MD5 hash.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
A curated list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
CLI tool for ThreatCrowd.org with multiple query functions.
Sample detection rules and dashboards for Google Security Operations