Recently I have been surveying threat hunting tools and categorising them, so I wrote this blog post to record the details about them.
osquery-kolide/fleet/redis-mysql
Justniffer
Tools List:
Facebook Osquery
This is a tool that uses SQL to query system information and to record other logs; it runs on Linux, Windows and macOS. The goal of osquery is to enable non-developers to access and aggregate data across disparate sources and to deploy across corporate and production infrastructure.
It has several plugins for deployment and development that are very useful for information collection.
Query packs are a feature for grouping queries together so they can be scheduled and deployed as a unit.
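As an added illustration (not from the original post or the osquery project), here is a small query pack in osquery's pack format with a few hunting-oriented scheduled queries; the pack and query names, intervals and the choice of Linux as the platform are my own assumptions, while the table and column names are standard osquery tables.

```json
{
  "platform": "linux",
  "version": "1.0.0",
  "queries": {
    "processes_without_binary_on_disk": {
      "query": "SELECT pid, name, path, cmdline FROM processes WHERE on_disk = 0;",
      "interval": 600,
      "description": "Constructed example: running processes whose executable has been removed from disk.",
      "platform": "linux"
    },
    "listening_ports_with_owner": {
      "query": "SELECT p.pid, p.name, p.path, lp.address, lp.port, lp.protocol FROM listening_ports AS lp JOIN processes AS p USING (pid) WHERE lp.port != 0;",
      "interval": 3600,
      "description": "Constructed example: every listening socket joined to the process that owns it, for baselining exposed services.",
      "snapshot": true
    },
    "scheduled_tasks_crontab": {
      "query": "SELECT path, event, minute, hour, command FROM crontab;",
      "interval": 3600,
      "description": "Constructed example: all crontab entries, so a new persistence entry shows up as a differential result.",
      "platform": "linux"
    },
    "logged_in_users": {
      "query": "SELECT type, user, tty, host, time, pid FROM logged_in_users;",
      "interval": 300,
      "description": "Constructed example: current interactive sessions, including remote hosts."
    }
  }
}
```

Queries without `"snapshot": true` are logged differentially by osqueryd, so only rows that appear or disappear between runs are emitted, which is what makes a pack like this useful for spotting change on a fleet.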
GRR
GRR (Google Rapid Response) is an incident response framework focused on remote live forensics.
GRR consists of two parts: a client and a server.
ELK
Elasticsearch