Category:ThreatHunting
Logging/Monitoring
Windows Logging | Backend | Client agent
---|---|---
sysmon | Splunk | Splunk Universal Forwarder
sysmon | ELK | WinlogBeat
Adversary Emulation
Manual
- Cobalt Strike
- Metasploit
- PowerShell Empire
- Covenant
Breach and Attack Simulation (BAS)
- Red Canary Atomic Red Team
- MITRE Caldera
- Infection Monkey
- Uber METTA
- Red Team Automation (RTA)
- AlphaSOC's FlightSIM
- Blue Team Training Toolkit (BT3)
- RedHunt OS
- Hunters Forge’s Mordor (https://github.com/hunters-forge/mordor)
BAS platform:
- VECTR
  - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios.
Threat Intelligence
Threat Hunting
- https://car.mitre.org/
  - The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
- https://github.com/Neo23x0/sigma
  - Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner.
- https://threathunterplaybook.com
  - The Threat Hunter Playbook is a community-based open source project developed to share threat hunting concepts and to aid the development of techniques and hypotheses for hunting campaigns, leveraging security event logs from diverse operating systems.
- https://splunkbase.splunk.com/app/4305/
  - This is a Splunk application containing several hunting dashboards and over 120 reports that surface initial hunting indicators to investigate.
Pages in category "ThreatHunting"
The following 2 pages are in this category, out of 2 total.