
ThreatHound - tool which help you on your IR & Threat Hunting


Sweethomer, Member, joined Feb 26, 2023


ThreatHound is a powerful and versatile tool written in Python (with a new C version available for Linux-based systems) that helps with IR, Threat Hunting and CA. With ThreatHound, you can drop in your event log file and analyze the results easily. It now supports Windows through ThreatHound.exe, making it even more accessible.

The latest release of ThreatHound has several new features that make it even more useful. For example, you can now save results in JSON format or print them on the screen using the "print" argument. If you want to save results in JSON format, set the argument to "no"; if you prefer to print the results on the screen, set it to "yes".

You can give ThreatHound a single EVTX file, a Windows event logs folder, or multiple EVTX files separated by commas using the "-p" argument. You can also give it a Sigma rules path using the "-s" argument.

ThreatHound also has multithreading capabilities, which significantly improve its running speed. It is an agent-based tool, which means you can push it to multiple servers and run it easily.

ThreatHound has many useful features, including automation of Threat Hunting, Compromise Assessment, and Incident Response for Windows Event Logs. It downloads and updates Sigma rules daily from the source and has more than 50 detection rules included. With support for more than 1500 Sigma detection rules, it can detect a wide range of threats.

One of the best things about ThreatHound is that you can easily add your own detection rules to it. It also lets you add new event log source types to mapping.py easily, making it even more flexible.
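To make the Sigma-rule, mapping.py and JSON-output ideas above concrete, here is a small added example of my own (not ThreatHound's code) that evaluates one Sigma-style rule against constructed Windows events. The logsource-to-channel mapping, the rule and the events are all made up for the illustration; only `condition: selection` is handled.

```python
import json

# Constructed, ThreatHound-style logsource map (the role the post's mapping.py plays, not its code):
# Sigma (category, service) -> Windows event log channel. Hypothetical values.
LOGSOURCE_TO_CHANNEL = {("process_creation", None): "Microsoft-Windows-Sysmon/Operational",
                        (None, "security"): "Security"}
# Constructed rule in Sigma's structure (Sigma rules are YAML; shown here as a dict).
RULE = {
    "title": "Encoded PowerShell command line", "level": "high",
    "logsource": {"category": "process_creation"},
    "detection": {"selection": {"Image|endswith": "\\powershell.exe",
                                "CommandLine|contains": "-enc"},
                  "condition": "selection"},
}
# Constructed sample events, as a tool would see them after parsing an EVTX file.
EVENTS = [
    {"EventRecordID": 1, "Channel": "Microsoft-Windows-Sysmon/Operational",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"EventRecordID": 2, "Channel": "Microsoft-Windows-Sysmon/Operational",
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe -enc x"},
    {"EventRecordID": 3, "Channel": "Security",  # right fields, wrong channel for the rule
     "Image": "C:\\powershell.exe", "CommandLine": "powershell.exe -enc AAAA"},
]

def value_matches(value, modifier, wanted):
    """Apply one Sigma value modifier; Sigma string matching is case-insensitive."""
    v, w = str(value).lower(), str(wanted).lower()
    return {"contains": w in v, "startswith": v.startswith(w),
            "endswith": v.endswith(w)}.get(modifier, v == w)

def rule_matches(rule, event):
    """Channel must fit the rule's logsource; selection keys are AND, value lists are OR."""
    ls = rule["logsource"]
    if LOGSOURCE_TO_CHANNEL.get((ls.get("category"), ls.get("service"))) != event.get("Channel"):
        return False
    if rule["detection"].get("condition") != "selection":
        raise NotImplementedError("only 'condition: selection' is handled here")
    for key, wanted in rule["detection"]["selection"].items():
        field, _, modifier = key.partition("|")
        options = wanted if isinstance(wanted, list) else [wanted]
        if field not in event or not any(value_matches(event[field], modifier, w) for w in options):
            return False
    return True

def hunt(rules, events, as_json=False):
    """Matches as dicts, or as a JSON string (the post's 'save results in JSON' option)."""
    hits = [{"rule": r["title"], "level": r["level"], "EventRecordID": e["EventRecordID"]}
            for e in events for r in rules if rule_matches(r, e)]
    return json.dumps(hits, indent=2) if as_json else hits
```

Running `hunt([RULE], EVENTS)` flags only record 1: record 2 has the right command-line string but the wrong image, and record 3 sits in a channel the rule's logsource does not map to.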

Overall, ThreatHound is a powerful and useful tool for anyone working in the IR, Threat Hunting, or CA fields. Its ability to detect a wide range of threats, combined with its flexibility and ease of use, makes it an invaluable addition to any security toolkit.

Here is the GitHub link:
Hope it helps, Happy Hunting!
