Threat Hunting general techniques
Hunting based on logs
Enabling your Windows logs
Useful Windows Event Logs during an investigation
Configuring AWS logs
How to respond in AWS?
Detection based on Windows artefacts and tools used by the attacker
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk), by Tom Ueltschi, Swiss Post CERT
Hunting on Azure
Enhancing your detection capabilities
AppCompatProcessor
log parsing, osx, linux
Attack Data by Splunk
adversary emulation, splunk
Autopsy
all-in-one, forensics, analytics, artifact collection, artifact analysis
Crits
cyber threat intelligence, analytics
DFIR-O365RC
artifact collection, log, o365
Fenrir
ioc scanner, linux, osx
Logdissect
log parsing
LOKI
yara, ioc scanner
LORG
log, artifact analysis, httpd
MEEKRAT
windows, artifact collection, ioc scanner
MSTIC Jupyter and Python Security Tools
acquisition, artifact collection, analytics, artifact analysis, azure sentinel
osquery
analytics, system monitoring, osx, linux, windows, freebsd
PyaraScanner
yara, ioc scanner
rastrea2r
yara, artifact analysis, windows, linux, osx
Redline (FireEye)
forensics, analytics, windows, linux, osx, artifact collection
Sigma
log, yara, ruleset, siem, alerting
StreamAlert
analytics, serverless, alerting, log, aws, lambda
Yara
cyber threat intelligence, yara