A collection of tools and other resources for threat hunters.
- Hunting Tools - Collection of open source and free tools for hunting
- Resources - Useful resources to get started in Threat Hunting
- Must Read - Articles and blog posts covering different aspects of Threat Hunting
- Custom Scripts - Our own tools and scripts to support different types of hunts
- Facebook's osquery
- Google's GRR
- Logging, searching and visualization with ELK
- Back to Basics: Enhance Windows Security with Sysmon and Graylog
- Building a Sysmon Dashboard with an ELK Stack
- Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
- Advanced Threat detection Configurations for Graylog
- Elk + Osquery + Kolide Fleet = Love - Hunting with ELK, Osquery and Kolide Fleet
- MITRE ATT&CK - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- MITRE CAR - A knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) threat model.
- Threat Hunting with Bro IDS
- Automating APT Scanning with Loki Scanner and Splunk
- The ThreatHunting Project - A great collection of hunts by @DavidJBianco
- Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs
- Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
- The ThreatHunter-Playbook - Hunting by leveraging Sysmon and Windows Events logs
- Detecting Lateral Movement through Tracking Event Logs
- How to build a Threat Hunting platform using ELK Stack
- Threat Hunting: Open Season on the Adversary
- The Who, What, Where, When, Why and How of Effective Threat Hunting
- Incident Response is Dead... Long Live Incident Response
- Hunting, and Knowing What To Hunt For
- Cyber Hunting: 5 Tips To Bag Your Prey
- A Simple Hunting Maturity Model
- A Framework for Cyber Threat Hunting
- Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations
- A Guide to Cyber Threat Hunting Operations
- Inside 3 top threat hunting tools - High level overview of Sqrrl, Infocyte and EndGame
- True Threat Hunting: more than just threats and anomalies - Some valid thoughts on what's needed for an effective Threat Hunting program