
ThreatHunting

Free

A Splunk application containing several dashboards and over 130 reports that surface initial hunting indicators to investigate. It requires Sysmon data to be ingested into Splunk and the searches to be tuned to your environment to be effective. Each search is mapped to the MITRE ATT&CK framework.

FEATURES

ALTERNATIVES

Open Source Threat Intelligence Gathering and Processing Framework

Modular Threat Hunting Tool & Framework

The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.

A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.

A Python library for interacting with TAXII servers

Automatically creates YARA rules based on images embedded in Office documents.

A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.

A repository of YARA signatures under the GNU GPLv2 license for the cybersecurity community.