A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters to share knowledge, collaborate on techniques, and advance the field of threat hunting.
HEARTH incorporates ideas for three distinct types of hunts classified by the PEAK Threat Hunting Framework:
- Flames: Hypothesis-driven investigations with clear, testable hypotheses
- Embers: Environment baselining and exploratory analysis
- Alchemy: Model-assisted and algorithmic approaches to threat detection
Generating effective hypotheses and ideas for threat hunting is hard. HEARTH provides a collaborative environment where hunters can share, develop, and refine their methodologies while building a comprehensive knowledge base for the security community.
- Encourage collaboration
- Inspire threat hunters with practical and theoretical hunting ideas
HEARTH/
├── Flames/ # Hypothesis-Driven hunts
├── Embers/ # Baseline Analysis
├── Alchemy/ # Model-Assisted & Algorithmic Hunting
├── Forge/ # Development space
├── Kindling/ # Resources & Templates
├── Keepers/ # Guidelines & Standards
└── Assets/ # Images & Logos
We welcome contributions to the Hunting Exchange And Research Threat Hub from all threat hunters! Contributing is simple. To share your ideas:
- Go to Submit New Issue
- Select "HEARTH Hunt Submission Form"
- Fill out the required information about your hunt
- Submit for review
See our Contribution Guidelines for detailed instructions and requirements.
Important: Approved HEARTH Hunt submissions receive an official hunt number, community recognition, and integration into the HEARTH repository.
Got a half-baked idea or something that needs work? Submit it to The Forge, where we collect and refine early-stage threat hunting ideas for all hunt types.
- Browse The Forge
- Contribute using the Forge - Early Stage Hunt Idea form
Use our standard HEARTH Issue Template for:
- Bug reports
- Feature requests
- General feedback
Repository maintainers and reviewers who:
- Review submissions
- Maintain quality standards
- Guide community development
- Facilitate collaboration
Regular contributors who:
- Submit hunt ideas
- Participate in reviews
- Support the community
- Share knowledge
New members who:
- Learn methodologies
- Make initial contributions (see the Forge)
- Engage with the community
- 🪵 Resources Guide: A curated collection of threat intelligence sources, security blogs, research papers, and tools to help generate and refine hunt ideas.
- Hunt Generation Template: Once you've got your idea, use this to plan out your hunt in detail.
- Hunt Review Template: After your hunt, use this to capture all key findings and ensure nothing is missed when sharing your results.
Lauren 🤠 x:@jotunvillur / LI:Lauren Proehl
Sydney 🏋️‍♀️ x:@letswastetime / LI:Sydney Marrone
John 💀 x:@AngryInfoSecGuy / LI:John Grageda
🔥 **Keep the HEARTH burning!** 🔥