CyberNetHunter

Purpose

CyberNetHunter is a cyber tool stack for the Incident Responder and Threat Hunter. The aim is to integrate tightly with Jupyter Notebooks and facilitate regular tasks that can be tedious during Incidents. The stack aims to include:

1. A python package (cybernethunter) that can be also used from the commandline
2. A few docker stacks to complement regular analysis requirements (elk, BlueSpawn, SysmonSearch, Stoq, etc.)
3. Powershell scripts that can be called from Jupyter to execute triage and analysis tasks in Active Directory environments
4. Streaming via benthos and kafka for data enrichment

TODO

1. Add BlueSpawn
2. Create Jupyter Notebooks with analysis of Boss of the SOC dataset
3. Add SysmonSearch from JPCert to CyberElastic