This repository aims to document threat hunting queries and serve as a reference point for threat hunters in their daily work.
Some of the queries from this project can be used as detection rules after appropriate tuning for your environment.
All threat hunting queries from blog.403.co.nz will be categorized and relocated to the appropriate MITRE ATT&CK techniques within the project, and translated into multiple query languages. The following languages are supported:
- SentinelOne
- Sigma
- Yara
- Elasticsearch