Apps tagged with 'threat-hunting'

ANY.RUN is interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. ANY.RUN's threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for realtime alerting.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform.

SecAI serves as an AI-powered security analysis tool free to every security analyst and security ops.

FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criterias:

Sapience is a Windows security and visibility tool that surfaces unusual system behaviour in plain language. It highlights suspicious processes, unexpected outbound connections, scheduled task changes, and other security-relevant events.

Sysmon View: an off-line Sysmon log visualization tool. Sysmon View helps in tracking and visualizing Sysmon logs by logically grouping and correlating the various Sysmon events together, using existing events data, such as executables names, session GUIDs, event creation time...