threat-hunting

Top 23 threat-hunting Open-Source Projects

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24
  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27
  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Project mention: Software Hardening Tools for System Defense | dev.to | 2024-04-30

    cd c:\sysmon
    git clone https://github.com/SwiftOnSecurity/sysmon-config
    sysmon -accepteula -i sysmon-config/sysmon-config.xml

  • Suricata

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

    Project mention: Aho-Corasick Algorithm | news.ycombinator.com | 2024-03-04
  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  • IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

  • HELK

    The Hunting ELK

  • awesome-threat-detection

    ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  • awesome-yara

    A curated list of awesome YARA rules, tools, and people.

  • securityonion

    Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

  • malwoverview

    Malwoverview is a first-response tool used for threat hunting. It offers intel from VirusTotal, Hybrid Analysis, URLhaus, PolySwarm, MalShare, AlienVault, Malpedia, MalwareBazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VirusTotal.

  • chainsaw

    Rapidly Search and Hunt through Windows Forensic Artefacts

    Project mention: Angle-grinder: Slice and dice logs on the command line | news.ycombinator.com | 2024-04-29

    There’s already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw

  • sysmon-modular

    A repository of sysmon configuration modules

  • signature-base

    YARA signature and IOC database for my scanners and tools

    Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01

    > It doesn't matter.

    To understand the exact behavior and extent of the backdoor, this does matter. An end-to-end proof of how it works is exactly what was needed.

    > A way to check if servers are vulnerable is probably by querying the package manager

    Yes, this has been known since the initial report plus later discovering what exact strings are present for the payload.

    https://github.com/Neo23x0/signature-base/blob/master/yara/b...

    > Not very sophisticated, but it'll work.

    Unfortunately, we live in a world with closed servers and appliances; being able, as a customer or pen tester, to rule out a certain class of security issues without having the source/insights available is usually desirable.

  • APT_REPORT

    Interesting APT Report Collection And Some Special IOC

  • hayabusa

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

    Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
  • EVTX-ATTACK-SAMPLES

    Windows Events Attack Samples

  • yeti

    Your Everyday Threat Intelligence

  • SysmonTools

    Utilities for Sysmon

  • matano

    Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Cisco Acquires Splunk | news.ycombinator.com | 2023-09-21

    sorry, that's https://matano.dev

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

  • YaraHunter

    πŸ”πŸ” Malware scanner for cloud-native, as part of CI/CD and at Runtime πŸ”πŸ”

  • APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspicious activity.
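
The dnstwist entry above describes a domain name permutation engine. The following is an added example, not dnstwist's own code, showing how such an engine generates typosquat and homograph candidates for a domain and turns them into the punycode form that actually appears in DNS and certificate transparency logs. The keyboard map, homoglyph table and TLD list are small assumptions chosen for the demo, and it runs offline without resolving anything.

```python
# Added example, not dnstwist's code: a small domain permutation engine of the
# kind dnstwist implements. Keyboard map, homoglyph table and TLD list are
# deliberately short assumptions for the demo; no DNS lookups are made.

# QWERTY neighbours for lowercase letters (subset; assumption for the demo).
QWERTY = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr", "f": "drtgvc",
    "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn", "k": "jiolm", "l": "kop",
    "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol", "q": "wa", "r": "edft", "s": "wedxza",
    "t": "rfgy", "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}

# Lookalikes: ASCII tricks (rn for m, 1 for l) plus Cyrillic confusables
# (\u0430 \u0441 \u0435 \u043e \u0440) that only show up after IDNA encoding.
HOMOGLYPHS = {
    "a": ["4", "\u0430"], "c": ["\u0441"], "d": ["cl"], "e": ["3", "\u0435"],
    "g": ["q", "9"], "i": ["1", "l"], "l": ["1", "i"], "m": ["rn"],
    "o": ["0", "\u043e"], "p": ["\u0440"], "s": ["5"], "w": ["vv"],
}

TLDS = ["com", "net", "org", "co", "io", "info"]  # assumption: a few common TLDs


def fuzz(domain):
    """Return {candidate_domain: fuzzer_name} for a registrable domain such as
    'example.com' (assumes a single-label TLD). The original is excluded."""
    domain = domain.lower()
    name, _, tld = domain.rpartition(".")
    found = {}

    def add(kind, label, new_tld=None):
        cand = f"{label}.{new_tld or tld}"
        if cand != domain and cand not in found:
            found[cand] = kind

    for i, ch in enumerate(name):
        if len(name) > 1:
            add("omission", name[:i] + name[i + 1:])
        add("repetition", name[:i] + ch + ch + name[i + 1:])
        if i < len(name) - 1:
            add("transposition", name[:i] + name[i + 1] + ch + name[i + 2:])
            add("hyphenation", name[:i + 1] + "-" + name[i + 1:])
            add("subdomain", name[:i + 1] + "." + name[i + 1:])
        for nb in QWERTY.get(ch, ""):
            add("replacement", name[:i] + nb + name[i + 1:])
            add("insertion", name[:i] + nb + name[i:])
        for glyph in HOMOGLYPHS.get(ch, []):
            add("homoglyph", name[:i] + glyph + name[i + 1:])
    for t in TLDS:
        if t != tld:
            add("tld-swap", name, t)
    return found


def idna_form(domain):
    """ASCII (punycode) form via the stdlib idna codec: this is what gets
    registered and what resolver logs and CT logs will show."""
    return domain.encode("idna").decode("ascii")


def report(domain):
    """Sorted (fuzzer, unicode_candidate, ascii_candidate) rows."""
    return sorted((kind, cand, idna_form(cand)) for cand, kind in fuzz(domain).items())


if __name__ == "__main__":
    rows = report("example.com")
    print(f"{len(rows)} candidates for example.com")
    for kind, cand, ascii_cand in rows:
        if cand != ascii_cand or kind in ("transposition", "homoglyph"):
            print(f"{kind:14} {cand:20} {ascii_cand}")
```

A real engine then resolves each candidate (A and MX records), compares served content and searches certificate transparency for the names; the ASCII column is the value to search for, because a Cyrillic "а" in "exаmple.com" is invisible in the Unicode form but obvious once it renders as an xn-- label.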

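
Hayabusa, chainsaw, APT-Hunter, the two Sysmon configuration repositories and EVTX-ATTACK-SAMPLES above are all about running detection logic over Windows event logs, most often written as Sigma rules. As an added example that is code from none of those projects, here is a minimal Sigma-style evaluator run over a constructed set of Sysmon process-creation records. The rule, the events and their field values are assumptions made for the demo; it implements Sigma's field modifiers and boolean conditions but not the "N of" forms, and it reads dicts rather than EVTX files.

```python
# Added example, not code from Hayabusa, chainsaw, APT-Hunter or the Sigma
# project: a minimal Sigma-style rule evaluator over constructed Sysmon records.
import re

# Constructed rule in Sigma's structure, written as a dict rather than YAML so
# no third-party parser is needed. "field|modifier" keys follow Sigma syntax;
# a list of values is an OR unless the "all" modifier is present.
RULE = {
    "title": "Encoded PowerShell not launched by the SCCM agent",
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter_sccm": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter_sccm",
    },
}

# Constructed Sysmon Event ID 1 (process creation) records, Sysmon field names.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"UtcTime": "2024-04-24 10:01:07.000", "Image": PS, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"UtcTime": "2024-04-24 10:02:11.000", "Image": PS, "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe",
     "CommandLine": "powershell.exe -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAA="},
    {"UtcTime": "2024-04-24 10:03:42.000", "Image": PS, "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
]


def _match_value(actual, expected, modifiers):
    """Apply Sigma string modifiers; matching is case-insensitive as in Sigma."""
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return a == e


def _match_selection(selection, event):
    """Every field of a selection must match (AND across fields, OR within a list)."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        results = [_match_value(event[field], v, modifiers) for v in values]
        if not (all(results) if "all" in modifiers else any(results)):
            return False
    return True


def _eval_condition(condition, truth):
    """Recursive-descent evaluation of identifiers, not/and/or and parentheses
    (not binds tightest, then and, then or); Sigma's 'N of x*' is not handled."""
    tokens = re.findall(r"\(|\)|\w+", condition) + [None]  # None marks the end

    def expr_or():
        value = expr_and()
        while tokens[0] == "or":
            tokens.pop(0)
            value = expr_and() or value
        return value

    def expr_and():
        value = expr_not()
        while tokens[0] == "and":
            tokens.pop(0)
            value = expr_not() and value
        return value

    def expr_not():
        tok = tokens.pop(0)
        if tok == "not":
            return not expr_not()
        if tok == "(":
            value = expr_or()
            if tokens.pop(0) != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        return truth[tok]  # KeyError names an unknown selection

    result = expr_or()
    if tokens[0] is not None:
        raise ValueError("trailing tokens in condition")
    return result


def evaluate(rule, event):
    """True when the rule's condition holds for this single event."""
    detection = rule["detection"]
    truth = {name: _match_selection(sel, event)
             for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], truth)


def hunt(rule, events):
    """Return (UtcTime, CommandLine) for every event the rule fires on."""
    return [(e["UtcTime"], e["CommandLine"]) for e in events if evaluate(rule, e)]
```

Calling hunt(RULE, EVENTS) returns only the 10:01:07 launch from cmd.exe. The filter clause is the part worth copying: without it the rule also fires on the management agent's own encoded launch at 10:02:11, which is exactly the noise that gets rules tuned out. Keep exclusions as specific as a parent image, not a whole user or host.
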
NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

threat-hunting related posts

  • MISP galaxy – cybersecurity and other related knowledge base

    1 project | news.ycombinator.com | 20 May 2024
  • Software Hardening Tools for System Defense

    1 project | dev.to | 30 Apr 2024
  • Teler: Real-Time HTTP Intrusion Detection

    2 projects | news.ycombinator.com | 20 Mar 2024
  • A recent abrupt change in Internet SSH brute force attacks against us

    1 project | news.ycombinator.com | 24 Feb 2024
  • Crawlector Version 2.0 has been released. This is a milestone release.

    1 project | /r/netsec | 21 Sep 2023
  • Free Tech Tools and Resources - Terraform for AWS, Cyberthreat Tool, Vim Training & More

    2 projects | /r/SysAdminBlogs | 16 Aug 2023
  • Troubleshooting Intermittent Slowness on Network Share

    1 project | /r/msp | 7 Jul 2023

Index

What are some of the best open-source threat-hunting projects? This list will help you:

Rank  Project                   Stars
   1  MISP                      5,253
   2  dnstwist                  4,813
   3  sysmon-config             4,736
   4  Suricata                  4,457
   5  ThreatHunter-Playbook     3,967
   6  IntelOwl                  3,750
   7  HELK                      3,742
   8  awesome-threat-detection  3,590
   9  awesome-yara              3,472
  10  securityonion             3,146
  11  malwoverview              2,916
  12  chainsaw                  2,713
  13  sysmon-modular            2,619
  14  signature-base            2,442
  15  APT_REPORT                2,359
  16  hayabusa                  2,177
  17  EVTX-ATTACK-SAMPLES       2,171
  18  yeti                      1,709
  19  SysmonTools               1,478
  20  matano                    1,443
  21  beagle                    1,269
  22  YaraHunter                1,234
  23  APT-Hunter                1,228