Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Updated Oct 31, 2017 - PowerShell
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
PowerShell collection designed to assist in threat hunting on Windows systems.
PowerShell module for creating and managing Sysinternals Sysmon config files.
incident response scripts
A threat hunting tool designed to help identify unknown binaries across a Windows domain.
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Gather Open-Source Intelligence using PowerShell.
PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting.
🦉🔬A small PowerShell tool for quickly finding information on malicious IPs or FQDNs. PowerShell threat hunting.
Guidance for basic implementation of Windows Event Forwarding.
A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework.
PowerShell scripts for identifying compromised Office 365 accounts/mailboxes.
Incident Response tools and scripts
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
A repository of sysmon configuration modules
A cloud forensics PowerShell module to run threat hunting playbooks on data from Azure and O365.