ThreatHound - tool which helps you with your IR & Threat Hunting


Sweethomer

This tool, called "ThreatHound," is a powerful and versatile tool written in Python (with a new C version available for Linux-based systems) that helps with IR & Threat Hunting & CA. With ThreatHound, you can drop your event log file and analyze the results easily. It now supports Windows through the ThreatHound.exe, making it even more accessible.

The latest release of ThreatHound has several new features that make it even more useful. For example, you can now save results in JSON format or print them on the screen by using the "print" argument. If you want to save results in JSON format, you can set the argument to "no." If you prefer to print the results on the screen, you can set the argument to "yes."

You can give ThreatHound a single EVTX file, a Windows event logs folder, or multiple EVTX files separated by commas using the "-p" argument. You can also give the Sigma rules path using the "-s" argument.

ThreatHound also has multithreading capabilities, which significantly improves its running speed. It is an agent-based tool, which means you can push it to multiple servers and run it easily.

ThreatHound has many useful features, including automation for Threat hunting, Compromise Assessment, and Incident Response for the Windows Event Logs. It downloads and updates Sigma rules daily from the source and has more than 50 detection rules included. With support for more than 1500 detection rules for Sigma, it can detect a wide range of threats.

One of the best things about ThreatHound is that you can easily add your own detection rules to it. It also allows you to add new event log source types to mapping.py easily, making it even more flexible.

Overall, ThreatHound is a powerful and useful tool for anyone working in the IR, Threat Hunting, or CA fields. Its ability to detect a wide range of threats, combined with its flexibility and ease of use, makes it an invaluable addition to any security toolkit.

Here is the GitHub link:


Hope it helps, Happy Hunting!
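As an added illustration of what a Sigma-over-event-log run like the one described above does (example code written for this post, not ThreatHound's own), the snippet below applies one Sigma-style rule to constructed event records, using a channel-to-logsource table in the role the post assigns to mapping.py, and emits the hits as JSON. The rule, the mapping keys, the event field names and the function names are all assumptions.

```python
import json

# Constructed sample events in the flattened form an EVTX parser yields
# (not real log data; field names mirror Windows Security/Sysmon events).
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4688,
     "NewProcessName": "C:\\Windows\\System32\\whoami.exe",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"Channel": "Security", "EventID": 4624, "LogonType": 10, "TargetUserName": "alice"},
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": "C:\\Windows\\System32\\notepad.exe"},
]

# Channel -> Sigma logsource: the job mapping.py does in the post (assumed layout).
CHANNEL_TO_LOGSOURCE = {
    "Security": {"product": "windows", "service": "security"},
    "Microsoft-Windows-Sysmon/Operational": {"product": "windows", "category": "process_creation"},
}

# A Sigma-style rule as yaml.safe_load would return it (constructed, not a real rule).
# Only a single 'selection' with AND-ed fields is supported here (assumption).
RULE = {
    "title": "Whoami execution",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": 4688, "NewProcessName|endswith": "\\whoami.exe"},
        "condition": "selection",
    },
}

def _field_matches(event, key, expected):
    """Apply one Sigma selector; a list of expected values is an OR, like Sigma."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    if isinstance(expected, list):
        return any(_field_matches(event, key, e) for e in expected)
    if modifier == "endswith":
        return str(value).lower().endswith(str(expected).lower())
    if modifier == "contains":
        return str(expected).lower() in str(value).lower()
    return value == expected  # unmodified field: exact, type-sensitive match

def _logsource_matches(rule, event):
    """Every logsource key the rule names must agree with the channel mapping."""
    src = CHANNEL_TO_LOGSOURCE.get(event.get("Channel"), {})
    return all(src.get(k) == v for k, v in rule["logsource"].items())

def run_rule(rule, events):
    """Return the events whose logsource and every selector of 'selection' match."""
    sel = rule["detection"]["selection"]
    return [ev for ev in events if _logsource_matches(rule, ev)
            and all(_field_matches(ev, k, v) for k, v in sel.items())]

def results_as_json(rule, events):
    """JSON output in the spirit of the post's 'save results in JSON' mode."""
    return json.dumps({"rule": rule["title"], "hits": run_rule(rule, events)}, indent=2)
```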
