Shell threat-hunting Projects

securityonion

7 2,848 8.8 Shell

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11

I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO setup this way? If so, how did you do it?

falcon-query-assets

4 94 2.1 Shell

Welcome to the Falcon Query Assets GitHub page.

Project mention: Collection of Queries | /r/crowdstrike | 2023-06-06

Event Search Hunting Queries: https://github.com/CrowdStrike/falcon-query-assets/tree/main/Falcon-Event-Search/Threat-Hunting-Queries

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).