APT-Hunter v3.2 released: Threat Hunting tool for Windows event logs
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity. The tool makes good use of the Windows event logs you have collected and makes sure that critical events configured for detection are not missed. If you are a threat hunter, incident responder, or forensic investigator, I assure you that you will enjoy using this tool. Why? I will discuss the reasons in this article and how it will make your life easy, just as it made mine. Kindly note that this tool is heavily tested but is still a beta version and may contain bugs.
If you are using APT-Hunter you will get:
- Uncover any suspicious activity you don't know about before it turns into a big incident.
- Detect APT movements in the system based on events from previously discovered APT attacks.
- Make good use of the Windows event logs you collected.
- Faster attack detection, which will decrease the response time in order to quickly contain and eradicate attacks.
- Output configured to be compatible with Timesketch so you can do timeline analysis.
- With the 60 important use cases configured in one place, you can invest your time in other data sources.
- Investigate multiple servers in a short amount of time.
- It will help you in cases where you don't have much time to do a deep investigation.
- Free open source tool that will serve you without any limitation.
- Personally, I used it in many incidents and it helped me uncover events I had missed and allowed me to finish the investigations faster.
- Turn millions of events into hundreds, with a severity you can use as a filter.
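As an added illustration of the pipeline the list describes (rule-driven triage of Windows event log records, severity tagging that can be used as a filter, and Timesketch-compatible CSV output), here is a small self-contained Python script. It is not APT-Hunter's own code, and it does not reproduce the tool's use cases: the sample records, the three per-event rules, the failed-logon threshold and the service-path heuristic are all constructed for the example. Only the Windows event IDs (1102, 4625, 4720, 7045) and the Timesketch CSV column requirements (`message`, `datetime`, `timestamp_desc`) are real.

```python
"""Rule-based triage of Windows event log records with severity tags and
Timesketch-compatible CSV output. Added illustration, not APT-Hunter's code."""
import csv
import io
from collections import defaultdict

# Constructed sample records, NOT real logs: (ISO-8601 time, channel, event id, fields).
# Two ordinary successful logons (4624) are included as noise that no rule should report.
SAMPLE_EVENTS = [
    ("2021-03-01T09:00:00+00:00", "Security", 4624, {"TargetUserName": "alice", "IpAddress": "10.0.0.5"}),
    ("2021-03-01T09:01:00+00:00", "Security", 4625, {"TargetUserName": "admin", "IpAddress": "10.0.0.99"}),
    ("2021-03-01T09:01:05+00:00", "Security", 4625, {"TargetUserName": "admin", "IpAddress": "10.0.0.99"}),
    ("2021-03-01T09:01:10+00:00", "Security", 4625, {"TargetUserName": "admin", "IpAddress": "10.0.0.99"}),
    ("2021-03-01T09:02:00+00:00", "Security", 4624, {"TargetUserName": "bob", "IpAddress": "10.0.0.6"}),
    ("2021-03-01T09:05:00+00:00", "Security", 4720, {"TargetUserName": "svc_backup2", "SubjectUserName": "bob"}),
    ("2021-03-01T09:06:00+00:00", "System", 7045, {"ServiceName": "Updater", "ImagePath": "C:\\Windows\\Temp\\upd.exe"}),
    ("2021-03-01T09:07:00+00:00", "Security", 1102, {"SubjectUserName": "bob"}),
]

# Per-event rules (constructed for the example): (name, channel, event id, severity, message template).
RULES = [
    ("User account created", "Security", 4720, "Medium", "Account {TargetUserName} created by {SubjectUserName}"),
    ("New service installed", "System", 7045, "Medium", "Service {ServiceName} installed from {ImagePath}"),
    ("Audit log cleared", "Security", 1102, "High", "Security log cleared by {SubjectUserName}"),
]

# Number of failed logons (4625) from one source that collapse into a single High hit; constructed value.
FAILED_LOGON_THRESHOLD = 3


def run_rules(events):
    """Return a time-sorted list of hit dicts; records matching no rule are dropped."""
    hits = []
    failed_by_source = defaultdict(list)
    for ts, channel, event_id, fields in events:
        # Failed logons are aggregated per source instead of reported one by one.
        if channel == "Security" and event_id == 4625:
            failed_by_source[fields.get("IpAddress", "?")].append(ts)
            continue
        for name, rule_channel, rule_id, severity, template in RULES:
            if channel == rule_channel and event_id == rule_id:
                # defaultdict supplies "?" for any field the record is missing.
                message = template.format_map(defaultdict(lambda: "?", fields))
                hits.append({"datetime": ts, "event_id": event_id, "rule": name,
                             "severity": severity, "message": message})
    # Many low-value events become one higher-severity hit: this is the "millions into hundreds" step.
    for source, times in failed_by_source.items():
        if len(times) >= FAILED_LOGON_THRESHOLD:
            hits.append({"datetime": times[0], "event_id": 4625,
                         "rule": "Repeated failed logons", "severity": "High",
                         "message": f"{len(times)} failed logons from {source} starting {times[0]}"})
    hits.sort(key=lambda h: h["datetime"])
    return hits


def filter_severity(hits, minimum):
    """Keep only hits at or above the given severity, so severity works as a filter."""
    order = {"Low": 0, "Medium": 1, "High": 2}
    return [h for h in hits if order[h["severity"]] >= order[minimum]]


def to_timesketch_csv(hits):
    """Timesketch CSV import requires the columns message, datetime and timestamp_desc;
    extra columns (severity, rule, event_id) are kept as searchable attributes."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["message", "datetime", "timestamp_desc",
                                             "severity", "rule", "event_id"])
    writer.writeheader()
    for h in hits:
        writer.writerow({"message": h["message"], "datetime": h["datetime"],
                         "timestamp_desc": "Event logged", "severity": h["severity"],
                         "rule": h["rule"], "event_id": h["event_id"]})
    return buf.getvalue()


if __name__ == "__main__":
    triaged = run_rules(SAMPLE_EVENTS)
    print(to_timesketch_csv(triaged))
    print("High only:", [h["rule"] for h in filter_severity(triaged, "High")])
```

Run as a script it turns the eight constructed records into four hits (one of them the aggregated failed-logon hit) and writes them as a CSV that Timesketch can import for timeline analysis; `filter_severity` shows how the severity column narrows that further to the two High hits.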
Changelog v3.2
Fixed reported issues with reports not being generated and the timezone not being used. Also added a new feature to create a directory for profile output.
Install & Use
Full information about the tool and how it is used is in this article.
Copyright (C) 2020 ahmedkhlief