PowerShell threat-hunting

Open-source PowerShell projects categorized as threat-hunting

Top 4 PowerShell threat-hunting Projects

  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Is Windows Defender for Business any good? | reddit.com/r/cybersecurity | 2022-11-09

    Agree. Harden your endpoints (if unsure where to start consider hardening kitty, https://github.com/scipag/HardeningKitty) and harden Defender (https://0ut3r.space/2022/03/06/windows-defender/). Add Sysmon with a good config (https://github.com/olafhartong/sysmon-modular) and you've reached a good starting point.

  • AzureHunter

    A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365

  • DetectionLabELK

    DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

    Project mention: Work setup | reddit.com/r/pop_os | 2022-08-27

    Detection Lab ELK: https://github.com/cyberdefenders/DetectionLabELK

  • EventLogging

    Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

    Project mention: EventLogging - Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment | reddit.com/r/purpleteamsec | 2022-10-26

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-11-09.

PowerShell threat-hunting related posts

Index

What are some of the best open-source threat-hunting projects in PowerShell? This list will help you:

Rank  Project          Stars
1     sysmon-modular   2,034
2     AzureHunter        636
3     DetectionLabELK    472
4     EventLogging       390