OpenCatalog, curated by FLOSSK

Browse & filter

Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.

6 tools match your filters

Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.

Tags: malware, detection, threat-hunting, ir

Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.

Tags: nsm, network, soc, threat-hunting, logs

Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.

Tags: detection, siem, rules, threat-hunting, yaml

Rapidly search and hunt through Windows event logs (EVTX) using Sigma-like rules and built-in threat detections.

Tags: dfir, windows, evtx, threat-hunting, logs

Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.

Tags: nsm, pcap, soc, threat-hunting, network

Real Intelligence Threat Analytics: ingest Zeek logs to score beaconing, long connections, blacklisted DNS, and lateral patterns.

Tags: threat-hunting, zeek, beaconing, network, analytics