threat-hunting

Top 23 threat-hunting Open-Source Projects

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Project mention: Troubleshooting Intermittent Slowness on Network Share | /r/msp | 2023-07-07

    https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of Windows troubleshooting tips here too, and this is a pretty good Sysmon script; it saves to Event Viewer even after a reboot! Also take care with Wireshark, as it may give you a false sense that there's a fault; try TCPView from Sysinternals and yeah, Procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config Use psping to ping the server directly and see if the latency goes up and down; you can ping it more often, every 1 second, so you get a better, more detailed result.

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27

  • Suricata

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

    Project mention: Aho-Corasick Algorithm | news.ycombinator.com | 2024-03-04

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  • HELK

    The Hunting ELK

  • awesome-threat-detection

    ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

    Project mention: Career growth in cybersecurity | /r/cybersecurity | 2023-04-04

  • awesome-yara

    A curated list of awesome YARA rules, tools, and people.

  • IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

    Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

  • securityonion

    Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

    Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11

    I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO setup this way? If so, how did you do it?

  • malwoverview

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  • chainsaw

    Rapidly Search and Hunt through Windows Forensic Artefacts

    Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30

  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • signature-base

    YARA signature and IOC database for my scanners and tools

  • APT_REPORT

    Interesting APT Report Collection And Some Special IOC

  • EVTX-ATTACK-SAMPLES

    Windows Events Attack Samples

  • hayabusa

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

    Project mention: Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool | /r/blueteamsec | 2023-05-07

  • yeti

    Your Everyday Threat Intelligence

  • SysmonTools

    Utilities for Sysmon

  • matano

    Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Cisco Acquires Splunk | news.ycombinator.com | 2023-09-21

    sorry, that's https://matano.dev

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

  • YaraHunter

    🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  • BLUESPAWN

    An Active Defense and EDR software to empower Blue Teams

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-04.

What are some of the best open-source threat-hunting projects? This list will help you:

Project Stars
1 MISP 4,935
2 sysmon-config 4,513
3 dnstwist 4,465
4 Suricata 3,953
5 ThreatHunter-Playbook 3,805
6 HELK 3,659
7 awesome-threat-detection 3,285
8 awesome-yara 3,193
9 IntelOwl 3,072
10 securityonion 2,766
11 malwoverview 2,678
12 chainsaw 2,502
13 sysmon-modular 2,463
14 signature-base 2,269
15 APT_REPORT 2,150
16 EVTX-ATTACK-SAMPLES 2,067
17 hayabusa 1,890
18 yeti 1,609
19 SysmonTools 1,438
20 matano 1,334
21 beagle 1,250
22 YaraHunter 1,225
23 BLUESPAWN 1,203