Threat hunting tools

Tools

MISP (Malware Information Sharing Platform)

MISP is short for Malware Information Sharing Platform. It supports the sharing of threat data that defenders and malware researchers can use.

» MISP review and details

sqhunter (Threat hunter using osquery, Salt Open and Cymon)

Sqhunter performs threat hunting in your environment. It runs on the Salt master node and queries for open network sockets, among other information.

» Sqhunter review and details