Top 6 PowerShell threat-hunting Projects
- AzureHunter: A cloud forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
- sysmon-config: Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events. (by ion-storm)
- EventLogging: Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
PowerShell threat-hunting related posts
- Sysmon 15.0 is out now with advanced features
- Splunk & Sysmon as SIEM
- Looking for inputs and validation for this network setup.
- Researching SIEM
- Is Windows Defender for Business any good?
- splunk sysmon events
- Best monitoring software that works like event logs?
Index
What are some of the best open-source threat-hunting projects in PowerShell? This list will help you:
# | Project | Stars
---|---|---
1 | sysmon-modular | 2,485
2 | AzureHunter | 755
3 | sysmon-config | 749
4 | DetectionLabELK | 525
5 | EventLogging | 446
6 | Purpleteam | 120