├── .gitignore ├── Changelog.txt ├── LICENSE ├── README.md ├── app.manifest ├── attack_matrix ├── threathunting.json └── threathunting.png ├── default ├── app.conf ├── data │ └── ui │ │ ├── nav │ │ └── default.xml │ │ ├── panels │ │ ├── Intro.xml │ │ ├── getting_started.xml │ │ └── pre-requirements.xml │ │ └── views │ │ ├── about.xml │ │ ├── asset_priority.xml │ │ ├── computer_drilldown.xml │ │ ├── computer_investigator.xml │ │ ├── coverage.xml │ │ ├── dns_stacking.xml │ │ ├── dns_whitelist.xml │ │ ├── file_access_whitelist.xml │ │ ├── file_create_drilldown.xml │ │ ├── file_create_whitelist.xml │ │ ├── file_prevalence_overview.xml │ │ ├── image_load_whitelist.xml │ │ ├── lateral_movement_indicators.xml │ │ ├── macro_drilldown.xml │ │ ├── mitre_attack_overview.xml │ │ ├── mitre_attack_stacking.xml │ │ ├── network_connection_drilldown.xml │ │ ├── network_whitelist.xml │ │ ├── newly_observed_hashes.xml │ │ ├── parentprocess_guid_drilldown.xml │ │ ├── pipe_drilldown.xml │ │ ├── pipe_whitelist.xml │ │ ├── powershell_events.xml │ │ ├── process_access_whitelist.xml │ │ ├── process_create_whitelist.xml │ │ ├── process_guid_drilldown.xml │ │ ├── rare_process_chains.xml │ │ ├── registry_whitelist.xml │ │ ├── remote_thread_whitelist.xml │ │ ├── search_based_drilldown.xml │ │ ├── sysmon.xml │ │ ├── sysmon_tuning.xml │ │ ├── threat_hunting_overview.xml │ │ ├── user_drilldown.xml │ │ └── wmi_whitelist.xml ├── macros.conf ├── props.conf ├── savedsearches.conf ├── transforms.conf ├── ui-prefs.conf └── workflow_actions.conf ├── files ├── ThreatHunting-logo.png └── ThreatHunting.tar.gz ├── lookups ├── doh.csv ├── requirements.csv ├── sysmoneventcodes.csv └── techniques.csv ├── metadata └── default.meta └── static ├── appIcon.png ├── appIconAlt.png ├── appIconAlt_2x.png ├── appIcon_2x.png ├── appLogo.png └── appLogo_2x.png /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /Changelog.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/Changelog.txt -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/README.md -------------------------------------------------------------------------------- /app.manifest: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/app.manifest -------------------------------------------------------------------------------- /attack_matrix/threathunting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/attack_matrix/threathunting.json -------------------------------------------------------------------------------- /attack_matrix/threathunting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/attack_matrix/threathunting.png -------------------------------------------------------------------------------- /default/app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/app.conf -------------------------------------------------------------------------------- /default/data/ui/nav/default.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/nav/default.xml -------------------------------------------------------------------------------- /default/data/ui/panels/Intro.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/panels/Intro.xml -------------------------------------------------------------------------------- /default/data/ui/panels/getting_started.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/panels/getting_started.xml -------------------------------------------------------------------------------- /default/data/ui/panels/pre-requirements.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/panels/pre-requirements.xml -------------------------------------------------------------------------------- /default/data/ui/views/about.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/about.xml -------------------------------------------------------------------------------- /default/data/ui/views/asset_priority.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/asset_priority.xml -------------------------------------------------------------------------------- /default/data/ui/views/computer_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/computer_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/computer_investigator.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/computer_investigator.xml -------------------------------------------------------------------------------- /default/data/ui/views/coverage.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/coverage.xml -------------------------------------------------------------------------------- /default/data/ui/views/dns_stacking.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/dns_stacking.xml -------------------------------------------------------------------------------- /default/data/ui/views/dns_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/dns_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/file_access_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/file_access_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/file_create_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/file_create_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/file_create_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/file_create_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/file_prevalence_overview.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/file_prevalence_overview.xml -------------------------------------------------------------------------------- /default/data/ui/views/image_load_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/image_load_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/lateral_movement_indicators.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/lateral_movement_indicators.xml -------------------------------------------------------------------------------- /default/data/ui/views/macro_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/macro_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/mitre_attack_overview.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/mitre_attack_overview.xml -------------------------------------------------------------------------------- /default/data/ui/views/mitre_attack_stacking.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/mitre_attack_stacking.xml -------------------------------------------------------------------------------- /default/data/ui/views/network_connection_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/network_connection_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/network_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/network_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/newly_observed_hashes.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/newly_observed_hashes.xml -------------------------------------------------------------------------------- /default/data/ui/views/parentprocess_guid_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/parentprocess_guid_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/pipe_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/pipe_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/pipe_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/pipe_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/powershell_events.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/powershell_events.xml -------------------------------------------------------------------------------- /default/data/ui/views/process_access_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/process_access_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/process_create_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/process_create_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/process_guid_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/process_guid_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/rare_process_chains.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/rare_process_chains.xml -------------------------------------------------------------------------------- /default/data/ui/views/registry_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/registry_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/remote_thread_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/remote_thread_whitelist.xml -------------------------------------------------------------------------------- /default/data/ui/views/search_based_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/search_based_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/sysmon.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/sysmon.xml -------------------------------------------------------------------------------- /default/data/ui/views/sysmon_tuning.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/sysmon_tuning.xml -------------------------------------------------------------------------------- /default/data/ui/views/threat_hunting_overview.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/threat_hunting_overview.xml -------------------------------------------------------------------------------- /default/data/ui/views/user_drilldown.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/user_drilldown.xml -------------------------------------------------------------------------------- /default/data/ui/views/wmi_whitelist.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/data/ui/views/wmi_whitelist.xml -------------------------------------------------------------------------------- /default/macros.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/macros.conf -------------------------------------------------------------------------------- /default/props.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/props.conf -------------------------------------------------------------------------------- /default/savedsearches.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/savedsearches.conf -------------------------------------------------------------------------------- /default/transforms.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/transforms.conf -------------------------------------------------------------------------------- /default/ui-prefs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/ui-prefs.conf -------------------------------------------------------------------------------- /default/workflow_actions.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/default/workflow_actions.conf -------------------------------------------------------------------------------- /files/ThreatHunting-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/files/ThreatHunting-logo.png -------------------------------------------------------------------------------- /files/ThreatHunting.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/files/ThreatHunting.tar.gz -------------------------------------------------------------------------------- /lookups/doh.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/lookups/doh.csv -------------------------------------------------------------------------------- /lookups/requirements.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/lookups/requirements.csv -------------------------------------------------------------------------------- /lookups/sysmoneventcodes.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/lookups/sysmoneventcodes.csv -------------------------------------------------------------------------------- /lookups/techniques.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/lookups/techniques.csv -------------------------------------------------------------------------------- /metadata/default.meta: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/metadata/default.meta -------------------------------------------------------------------------------- /static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appIcon.png -------------------------------------------------------------------------------- /static/appIconAlt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appIconAlt.png -------------------------------------------------------------------------------- /static/appIconAlt_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appIconAlt_2x.png -------------------------------------------------------------------------------- /static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appIcon_2x.png -------------------------------------------------------------------------------- /static/appLogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appLogo.png -------------------------------------------------------------------------------- /static/appLogo_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/olafhartong/ThreatHunting/HEAD/static/appLogo_2x.png --------------------------------------------------------------------------------