Real-time HTTP Intrusion Detection

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

The Correlated CVE Vulnerability And Threat Intelligence Database API

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

SIEM Tactics, Techiques, and Procedures

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Collection of Threat Models

16,432 Free Yara rules created by

威胁情报播报

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Collecting & Hunting for IOCs with gusto and style

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

国内恶意IP封禁计划，还赛博空间一片朗朗乾坤

PatrowlHears - Vulnerability Intelligence Center / Exploits

Repository resource for threat hunter