THREAT HUNTING METHODOLOGIES

Automated detection rules from community sources

MITRE ATT&CK MAPPED


>> AUTOMATED THREAT HUNTING PLATFORM


This platform automatically fetches the latest detection rules from leading open-source repositories:


  • Sigma Rules - Universal SIEM detection format
  • Splunk Detections - Enterprise security analytics
  • Elastic Rules - Open-source SIEM detections
  • Microsoft Sentinel - KQL queries for Azure
  • CrowdStrike Falcon - EDR hunting queries
  • Chronicle - Google security analytics

⚠️ All rules should be tested in a controlled environment before production deployment.



>> REMOTE ACCESS TOOLS


ATT&CK Techniques:

  • T1219: Remote Access Software
  • T1078: Valid Accounts
  • T1021: Remote Services


>> FILESHARING & EXFILTRATION


ATT&CK Techniques:

  • T1567: Exfiltration Over Web Service
  • T1048: Exfiltration Over Alternative Protocol
  • T1020: Automated Exfiltration


>> POWERSHELL EXPLOITATION


ATT&CK Techniques:

  • T1059.001: PowerShell
  • T1027: Obfuscated Files or Information
  • T1140: Deobfuscate/Decode Files or Information


>> CREDENTIAL DUMPING


ATT&CK Techniques:

  • T1003: OS Credential Dumping
  • T1552: Unsecured Credentials
  • T1555: Credentials from Password Stores


>> LATERAL MOVEMENT


ATT&CK Techniques:

  • T1021: Remote Services
  • T1570: Lateral Tool Transfer
  • T1563: Remote Service Session Hijacking


>> PERSISTENCE MECHANISMS


ATT&CK Techniques:

  • T1547: Boot or Logon Autostart Execution
  • T1053: Scheduled Task/Job
  • T1136: Create Account
