@Cyb3rWard0g
Last active December 17, 2019 16:49
Title

Metadata

id
author
creation date
platform
playbook link

Technical Description

Hypothesis

Analytics

Initialize Analytics Engine

from openhunt.mordorutils import *
spark = get_spark()

Download & Process Mordor File

mordor_file = ""
registerMordorSQLTable(spark, mordor_file, "mordorTable")

Analytic Name

FP Rate | Log Channel | Description

df = spark.sql('''SQL-LIKE LOGIC''')
df.show(1, False)

Detection Blindspots

Hunter Notes

Hunt Output

References
