Top 23 threat-hunting Open-Source Projects
Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24
-
https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of Windows troubleshooting tips here too, and this is a pretty good Sysmon script that saves to Event Viewer even after a reboot! Also take care with Wireshark, as it may give you a false sense that there's a fault; try TCPView from Sysinternals and yeah, Procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config Use PsPing to ping the server directly and see whether the latency goes up and down; you can ping it more often, every 1 second, so you get a better, more detailed result.
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11
I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me, probably because my environment is different. Does anybody have SO set up this way? If so, how did you do it?
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Project mention: Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool | /r/blueteamsec | 2023-05-07
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Sorry, that's https://matano.dev
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
threat-hunting related posts
- Teler: Real-Time HTTP Intrusion Detection
- A recent abrupt change in Internet SSH brute force attacks against us
- Crawlector Version 2.0 has been released. This is a milestone release.
- Free Tech Tools and Resources - Terraform for AWS, Cyberthreat Tool, Vim Training & More
- Troubleshooting Intermittent Slowness on Network Share
- Agent event queue is flooded. Check the agent configuration
- Sysmon 15.0 is out now with advanced features
Index
What are some of the best open-source threat-hunting projects? This list will help you:
Rank | Project | Stars
---|---|---
1 | MISP | 4,935
2 | sysmon-config | 4,513
3 | dnstwist | 4,465
4 | Suricata | 3,953
5 | ThreatHunter-Playbook | 3,805
6 | HELK | 3,659
7 | awesome-threat-detection | 3,285
8 | awesome-yara | 3,193
9 | IntelOwl | 3,072
10 | securityonion | 2,766
11 | malwoverview | 2,678
12 | chainsaw | 2,502
13 | sysmon-modular | 2,463
14 | signature-base | 2,269
15 | APT_REPORT | 2,150
16 | EVTX-ATTACK-SAMPLES | 2,067
17 | hayabusa | 1,890
18 | yeti | 1,609
19 | SysmonTools | 1,438
20 | matano | 1,334
21 | beagle | 1,250
22 | YaraHunter | 1,225
23 | BLUESPAWN | 1,203