A repo for security analytics & threat hunting resources
| Tool Name | Description |
|---|---|
| Security Onion | Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. |
| HELK | A hunting-purpose ELK distribution consisting of ELK, Kafka, Spark, etc. |
| SysmonSearch | A Sysmon visualization tool built on ELK. |
| SOF-ELK | SOF-ELK® (Security Operations and Forensics Elasticsearch, Logstash, Kibana) VM. |
| ACE | The Automated Collection and Enrichment (ACE) platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports collecting from Windows, macOS, and Linux hosts. |
| Source | Description |
|---|---|
| MITRE ATT&CK | MITRE ATT&CK knowledge base of adversary tactics, techniques, and procedures (TTPs). |
| CAR | MITRE Cyber Analytics Repository. |
| Unfetter | Unfetter is a project designed to help network defenders, cyber security professionals, and decision makers identify and analyze defensive gaps in a more scalable and repeatable way. |
| Sigma | The main purpose of this project is to provide a structured form in which researchers or analysts can describe the detection methods they have developed and share them with others. |
| Tool | Description |
|---|---|
| Caldera | CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. |
| Atomic Red Team | Atomic Red Team tests are small, highly portable detection tests mapped to the MITRE ATT&CK Framework. Each test is designed to map back to a particular tactic. |
| Metta | An information security preparedness tool for adversarial simulation. |
| APT Simulator | A toolset to make a system look as if it were the victim of an APT attack. |
| Bookish Happiness | Adversary emulation recommendations. |
Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
ATT&CKing the Status Quo-Improving Threat Intel and Cyber Defense with MITRE ATT&CK