Awesome Threat Detection and Hunting: Tools, Dataset and Framework

Tools

- MITRE ATT&CK™: MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
- MITRE ATT&CK Navigator: The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel.
- MITRE Cyber Analytics Repository: The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
- HELK: A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- osquery: osquery is a SQL-powered operating system instrumentation, monitoring, and analytics framework. Available for Linux, macOS, Windows and FreeBSD.
- Palantir osquery Configuration: A repository for using osquery for incident detection and response.
- Google's GRR: GRR Rapid Response: remote live forensics for incident response.
- Mordor Gates: The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the MITRE ATT&CK Framework.
- Sysmon - DFIR: A curated list of resources for learning about deploying, managing and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs and additional GitHub repositories.
- sysmon-config: Sysmon configuration file template with default high-quality event tracing.
- sysmon-modular: A repository of Sysmon configuration modules.
- Sysmon Threat Intelligence Configuration: Advanced Sysmon configuration, installer and auto-updater with high-quality event tracing.
- ThreatHunting App For Splunk: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts.
- Flare: Flare is a network analytic framework designed for data scientists, security researchers, and network professionals.
- RedHunt: Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs.
- Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics.
- JA3: JA3 is a standard for creating SSL client fingerprints in an easy-to-produce and shareable way. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
- HASSH: HASSH is a network fingerprinting standard which can be used to identify specific client and server SSH implementations.