Top 23 threat-hunting Open-Source Projects
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Project mention: Top OpenSource/Free Cybersecurity Tools | reddit.com/r/cybersecurity | 2023-04-11
Sysmon configuration file template with default high-quality event tracing
Project mention: Cheap, Fast, Good and Simple Remote Monitoring for Small Environments | reddit.com/r/msp | 2023-05-31
There's all sorts of things you can do for various types of monitoring including Zabbix, Graylog, roll-your-own with Sysmon (see https://github.com/SwiftOnSecurity/sysmon-config), etc. The question becomes one of time - don't get so focused on DIY or free that you spend hours (or pay someone to spend hours) a month babysitting.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Project mention: Accounting got phished. Paid out big bucks | reddit.com/r/sysadmin | 2023-05-31
https://dnstwist.it/ - check your domain now
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Project mention: Threat hunting Playbooks | reddit.com/r/cybersecurity | 2023-01-23
The Hunting ELK
Project mention: Kali Linux 2023.1 introduces 'Purple' distro for defensive security | reddit.com/r/netsec | 2023-03-14
Utilizing that API and Jupyter notebooks is exactly why Hunting ELK is the way it is, from my understanding.
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Project mention: To GSoC and beyond... | dev.to | 2022-09-26
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
Project mention: Career growth in cybersecurity | reddit.com/r/cybersecurity | 2023-04-04
A curated list of awesome YARA rules, tools, and people.
Project mention: XSOAR Yara Feeds | reddit.com/r/cybersecurity | 2022-07-22
Real-time HTTP Intrusion Detection
Project mention: GitHub - kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality with teler IDS to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. | reddit.com/r/golang | 2023-01-01
You can try teler tho :) - https://github.com/kitabisa/teler
A repository of sysmon configuration modules
Project mention: Splunk & Sysmon as SIEM | reddit.com/r/Splunk | 2023-04-11
I use this one: https://github.com/olafhartong/sysmon-modular
Malwoverview is a first-response tool for threat hunting that offers intel from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VirusTotal.
Rapidly Search and Hunt through Windows Forensic Artefacts
Project mention: What's your favorite cybersecurity tool? | reddit.com/r/cybersecurity | 2023-05-02
YARA signature and IOC database for my scanners and tools
Project mention: Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook | reddit.com/r/u_Tsofmetasploit | 2023-03-16
Windows Events Attack Samples
Project mention: Sample firewall/SIEM logs | reddit.com/r/AskNetsec | 2022-08-22
Samir has a great repo of logs with attacks that occurred in them, for Windows, MacOS and Network - https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
Interesting APT Report Collection And Some Special IOC
Project mention: APT_REPORT/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf at master · blackorbird/APT_REPORT | reddit.com/r/SecOpsDaily | 2023-02-06
Your Everyday Threat Intelligence
Project mention: Yeti: Organize observables, indicators of compromise, TTPs, and threats | news.ycombinator.com | 2022-10-17
Utilities for Sysmon
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
An Active Defense and EDR software to empower Blue Teams
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
Project mention: Scans container images, running Docker containers and filesystems to find indicators of malware | reddit.com/r/kubernetes | 2022-07-11
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Project mention: Kali Linux 2023.1 introduces 'Purple' distro for defensive security | reddit.com/r/netsec | 2023-03-14
Matano is very promising, and it supports SQL for queries. I suspect they are going to eat Panther's lunch soon.
Open Source EDR for Windows
Project mention: whids - Open Source EDR for Windows | reddit.com/r/RedSec | 2022-08-25
threat-hunting related posts
Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
1 project | reddit.com/r/msp | 31 May 2023
APT-Hunter: APT-Hunter is Threat Hunting tool for Windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
1 project | reddit.com/r/blueteamsec | 7 May 2023
Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.
1 project | reddit.com/r/CKsTechNews | 3 May 2023
Foreign Travel Risks
2 projects | reddit.com/r/cybersecurity | 26 Apr 2023
How do I exclude specific event IDs in Sysmon?
1 project | reddit.com/r/sysadmin | 15 Apr 2023
Splunk & Sysmon as SIEM
1 project | reddit.com/r/Splunk | 11 Apr 2023
Finding the Process initiating a ping
1 project | reddit.com/r/netsecstudents | 5 Apr 2023
What are some of the best open-source threat-hunting projects? This list will help you: