ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
Updated Apr 3, 2026 - Python
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Intelligence.
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
Collection of Suricata rule sets that I use modified to my environments.
Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.
Threat Response Serverless Relay Template
Threat Response CTIM Bundle Builder
FortiGate API (for FortiOS API v2) library wrapper. Active support for core Firewall & System plus DNS Filtering & External ThreatFeed Connectors.
Threat Response Relay Module CLI
Example scripts for authenticating to the Threat Response APIs
How to install Have I been pwned for Cisco's SecureX walk through using Ubuntu 20.04 as the desktop environment
Generates a threat feed IP list from a user-furnished ASN list.
Example implementation for using OAuth2 Authorization Code Grant Credentials
Threat Response Serverless Relay for Auth0 Signals