A collection of resources for Threat Hunters
- The ThreatHunting Project - A great collection of hunts by @DavidJBianco
- Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs
- Cyber Threat Hunting with Sqrrl (From Beaconing to Lateral Movement)
- The ThreatHunter-Playbook - Hunting by leveraging Sysmon and Windows Event logs
- Detecting Lateral Movement through Tracking Event Logs
- Facebook's osquery
- Google's GRR
- Logging, searching and visualization with ELK
- Back to Basics: Enhance Windows Security with Sysmon and Graylog
- Building a Sysmon Dashboard with an ELK Stack
- Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
- Advanced Threat Detection Configurations for Graylog
- Threat Hunting: Open Season on the Adversary
- The Who, What, Where, When, Why and How of Effective Threat Hunting
- Incident Response is Dead... Long Live Incident Response
- Hunting, and Knowing What To Hunt For
- Cyber Hunting: 5 Tips To Bag Your Prey
- A Simple Hunting Maturity Model
- A Framework for Cyber Threat Hunting
- Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations
- A Guide to Cyber Threat Hunting Operations
- Inside 3 top threat hunting tools - High-level overview of Sqrrl, Infocyte and Endgame
- True Threat Hunting: more than just threats and anomalies - Some valid thoughts on what's needed for an effective Threat Hunting program
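Added worked example (written for this list, not code taken from any of the resources above): two of the hunts the entries above refer to, carried out over constructed sample data. The first looks for beacon-like periodicity in proxy connections by measuring how regular the gaps between connections from one source to one destination are. The second joins a Windows Security event 4624 with LogonType 3 (network logon) to a System event 7045 (service installed) on the same host within a short window, the footprint a PsExec-style lateral move leaves in event logs. The proxy lines and event records are constructed, and the event records are simplified dicts rather than EVTX or Sysmon XML; the thresholds (minimum hit count, coefficient of variation, 60-second window) are starting points for tuning, not values any listed resource prescribes.

```python
"""Two threat hunts over constructed samples (added example, not from the listed
resources): beacon detection in proxy logs and a network-logon -> service-install
sequence in Windows event logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, one "<ISO timestamp> <src> <dst>" per line. Not real traffic.
# 10.0.0.5 talks to 203.0.113.7 roughly once a minute with small jitter;
# 10.0.0.9 talks to 198.51.100.3 at irregular, user-like intervals.
PROXY_LOG = """
2024-03-01T10:00:00 10.0.0.5 203.0.113.7
2024-03-01T10:01:02 10.0.0.5 203.0.113.7
2024-03-01T10:01:58 10.0.0.5 203.0.113.7
2024-03-01T10:03:01 10.0.0.5 203.0.113.7
2024-03-01T10:03:59 10.0.0.5 203.0.113.7
2024-03-01T10:05:00 10.0.0.5 203.0.113.7
2024-03-01T10:06:01 10.0.0.5 203.0.113.7
2024-03-01T10:06:59 10.0.0.5 203.0.113.7
2024-03-01T10:00:00 10.0.0.9 198.51.100.3
2024-03-01T10:00:05 10.0.0.9 198.51.100.3
2024-03-01T10:07:00 10.0.0.9 198.51.100.3
2024-03-01T10:20:00 10.0.0.9 198.51.100.3
2024-03-01T10:21:00 10.0.0.9 198.51.100.3
2024-03-01T10:45:00 10.0.0.9 198.51.100.3
2024-03-01T10:45:30 10.0.0.9 198.51.100.3
"""

# Constructed Windows events, simplified to dicts. 4624 comes from the Security
# log (LogonType 3 = network logon); 7045 comes from the System log.
# FS01 shows the suspicious sequence; WS07 has the same two events 30 minutes apart.
WIN_EVENTS = [
    {"t": "2024-03-01T10:05:00", "host": "FS01", "id": 4624, "LogonType": 3,
     "user": "CORP\\admin", "src": "10.0.0.5"},
    {"t": "2024-03-01T10:05:02", "host": "FS01", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    {"t": "2024-03-01T11:00:00", "host": "WS07", "id": 4624, "LogonType": 3,
     "user": "CORP\\svc_backup", "src": "10.0.0.20"},
    {"t": "2024-03-01T11:30:00", "host": "WS07", "id": 7045,
     "ServiceName": "BackupAgent", "ImagePath": "C:\\Program Files\\Backup\\agent.exe"},
]


def parse_proxy(text):
    """Group connection timestamps by (src, dst) pair."""
    conns = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(conns, min_hits=6, max_cv=0.2):
    """Flag pairs whose inter-connection gaps are unusually regular.
    cv = stdev/mean of the gaps; a low value means near-constant spacing,
    which is what a fixed-interval (lightly jittered) beacon produces."""
    hits = []
    for (src, dst), times in conns.items():
        times = sorted(times)
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "interval_s": round(avg, 1), "cv": round(cv, 3)})
    return hits


def _ts(ev):
    return datetime.fromisoformat(ev["t"])


def find_remote_service_installs(events, window_s=60):
    """Per host: a network logon (4624, LogonType 3) followed within window_s
    seconds by a service install (7045). Neither event is suspicious on its own;
    joining Security and System logs by host and time is what exposes the pair."""
    hits = []
    last_net_logon = {}  # host -> most recent network logon event
    for ev in sorted(events, key=_ts):
        if ev["id"] == 4624 and ev.get("LogonType") == 3:
            last_net_logon[ev["host"]] = ev
        elif ev["id"] == 7045 and ev["host"] in last_net_logon:
            logon = last_net_logon[ev["host"]]
            delta = (_ts(ev) - _ts(logon)).total_seconds()
            if delta <= window_s:
                hits.append({"host": ev["host"], "user": logon["user"],
                             "src": logon["src"], "service": ev["ServiceName"],
                             "image": ev["ImagePath"], "delta_s": delta})
    return hits


if __name__ == "__main__":
    for b in find_beacons(parse_proxy(PROXY_LOG)):
        print("beacon-like:", b)
    for h in find_remote_service_installs(WIN_EVENTS):
        print("remote service install:", h)
```

On real data the beacon hunt needs a long enough window to collect `min_hits` per pair, and legitimate periodic traffic (update checks, monitoring agents) will score just as regularly, so the result is a candidate list to triage against destination reputation, not an alert by itself. The service-install hunt is likewise a pivot: the 4624 record carries the source address and account, which is what you follow back to find where the operator came from.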