Category:ThreatHunting

From aldeid
Jump to navigation Jump to search

Logging/Monitoring

Windows Logging Backend Client agent
sysmon: Splunk Splunk Universal Forwarder
ELK WinlogBeat

Adversary Emulation

Manual

Breach and Attack Simulation (BAS)

BAS platform:

VECTR
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios.

Threat Intelligence

Threat Hunting

https://car.mitre.org/
The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model
https://github.com/Neo23x0/sigma
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner
https://threathunterplaybook.com
The Threat Hunter Playbook is a community-based open source project developed to share threat hunting concepts and aid the development of techniques and hypothesis for hunting campaigns by leveraging security event logs from diverse operating systems
https://splunkbase.splunk.com/app/4305/
This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.

Pages in category "ThreatHunting"

The following 2 pages are in this category, out of 2 total.