12/7/2023
Sigma threat hunting

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities, which is very effective in compromise assessment. The output is produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc.

Full information about the tool and how it is used is in this article: introducing-apt-hunter-threat-hunting-tool-using-windows-event-log

New Release Info: APT-HUNTER V3.0: Rebuilt with multiprocessing and new cool features

Author: Ahmed Khlief

Download APT-Hunter:
Download the latest stable version of APT-Hunter with compiled binaries from the Releases page.

How to Use APT-Hunter
APT-Hunter is built using Python 3, so in order to use the tool you need to install the required libraries:

python3 -m pip install -r requirements.txt

APT-Hunter is easy to use: just pass the argument -h to print the help and see the options needed.

Analyzing EVTX files: you can provide a directory containing the logs or a single file; APT-Hunter will detect the type of logs.

python3 APT-Hunter.py -p /opt/wineventlogs/ -o Project1 -allreport

Adding a time frame to focus on a specific timeline:

python3 APT-Hunter.py -p /opt/wineventlogs/ -o Project1 -allreport -start -end T20:56

Hunting using a string:

python3 APT-Hunter.py -hunt "psexec" -p /opt/wineventlogs/ -o Project2

Hunting using a file that contains a list of regexes:

python3 APT-Hunter.py -huntfile "(psexec|psexesvc)" -p /opt/wineventlogs/ -o Project2
python3 APT-Hunter.py -huntfile huntfile.txt -p /opt/wineventlogs/ -o Project2

Getting the latest Sigma rules converted for APT-Hunter (the output will be a file named rules.json that contains the rules from the Sigma repository):

python3 APT-Hunter.py -sigma -rules rules.json -p /opt/wineventlogs/ -o Project2
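As an added example (not APT-Hunter's own code), here is a minimal Python sketch of what the -huntfile and -start/-end options do: load a list of regexes, restrict events to a time window, and emit timeline rows. The event records, the hunt file contents and the "#" comment convention are constructed assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample records standing in for parsed EVTX events (not real logs).
SAMPLE_EVENTS = [
    {"TimeCreated": "2022-04-05T20:50:11", "EventID": 4688, "Computer": "WS01",
     "Message": "New Process Name: C:\\Tools\\PsExec.exe"},
    {"TimeCreated": "2022-04-05T20:57:02", "EventID": 7045, "Computer": "DC01",
     "Message": "A service was installed in the system. Service Name: PSEXESVC"},
    {"TimeCreated": "2022-04-05T21:03:40", "EventID": 4624, "Computer": "WS01",
     "Message": "An account was successfully logged on."},
    {"TimeCreated": "2022-04-06T08:15:00", "EventID": 4688, "Computer": "WS02",
     "Message": "New Process Name: C:\\Windows\\System32\\psexesvc.exe"},
]

# Constructed hunt file: one regex per line. Blank lines and '#' comments are
# a convention assumed here, not documented behaviour of APT-Hunter.
HUNTFILE_TEXT = """
# lateral movement tooling
psexec|psexesvc
# services installed by remote tooling
Service Name: [A-Z]{5,}
"""


def load_huntfile(text):
    """Compile every non-empty, non-comment line as a case-insensitive regex."""
    return [re.compile(line.strip(), re.IGNORECASE)
            for line in text.splitlines()
            if line.strip() and not line.strip().startswith("#")]


def parse_bound(value):
    """Accept the partial ISO forms the CLI shows, e.g. '2022-04-05' or '2022-04-05T20:56'."""
    return datetime.fromisoformat(value) if value else None


def hunt(events, patterns, start=None, end=None):
    """Return timeline rows for events inside [start, end] whose message matches a regex."""
    lo, hi = parse_bound(start), parse_bound(end)
    hits = []
    for ev in events:
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if (lo and ts < lo) or (hi and ts > hi):
            continue  # outside the requested time frame
        matched = [p.pattern for p in patterns if p.search(ev["Message"])]
        if matched:
            hits.append({"TimeCreated": ev["TimeCreated"], "Computer": ev["Computer"],
                         "EventID": ev["EventID"], "Matched": matched})
    return sorted(hits, key=lambda h: h["TimeCreated"])  # timeline order
```

Running hunt(SAMPLE_EVENTS, load_huntfile(HUNTFILE_TEXT), start="2022-04-05", end="2022-04-05T20:56") keeps only the 20:50 PsExec process event; the 20:57 service install falls just outside the window, which is the kind of boundary worth checking when a time frame is used.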