Home
Olaf Hartong edited this page Nov 15, 2018
Welcome to the ThreatHunting wiki!
The app has the following structure:
- Trigger Overview
- Drilldowns
  - MITRE ATT&CK
  - Computer Drilldown
  - Network Connection Drilldown
  - ParentProcess GUID Drilldown
  - Process GUID Drilldown
- Hunting Indicators
  - Sysmon Events
  - Lateral Movement Indicators
  - PowerShell Events
  - Newly observed hashes
- Whitelists
  - Process Create whitelist editor
  - Network whitelist editor
  - Files Access whitelist editor
  - Process Access whitelist editor
  - Registry whitelist editor
  - Image Load whitelist editor
  - Pipe Created whitelist editor
  - WMI whitelist editor