ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
Updated Dec 18, 2025 - Python
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Intelligence.
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
Collection of Suricata rule sets that I use, modified for my environments.
Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.
Threat Response Serverless Relay Template
Threat Response CTIM Bundle Builder
FortiGate API (for FortiOS API v2) library wrapper. In active dev and seeking contributors. Active support for DNS Filtering and External ThreatFeed Connectors.
Threat Response Relay Module CLI
Example scripts for authenticating to the Threat Response APIs
Walkthrough for installing Have I Been Pwned for Cisco's SecureX, using Ubuntu 20.04 as the desktop environment
Generates a threat feed IP list from a user-furnished ASN list.
Example implementation for using OAuth2 Authorization Code Grant Credentials
Threat Response Serverless Relay for Auth0 Signals