View on Github

Active Threat Hunting

Active Threat Hunting is an open source framework for quickly building a Security Operations Center to easily detect malicious events in a network.

There are numerous threats targeting our organizations on a daily basis. Will you be able to find all the attacks and defend your organization if techniques and tools used by adversaries are unknown to you?

Use the Active Threat Hunting tools to quickly build your own small SOC and find suspicious activity in your network more easily. We’ve provided the source code for all of our tool deployments to make it easier for anyone to replicate our deployments quickly.

Our Tools:



Elastic Stack

Kolide Fleet





Our Philosophy:

There are many open source tools available for anyone to begin building their own world-class Security Operations Center. Our hope is to help others to see these tools in action and learn how to deploy and use these tools in their own environments.