ThreatHunter-Playbook is an open-source project from the Open Threat Research Forge (OTRF) for sharing detection logic and adversary tradecraft. Each hunt documents a hypothesis, the data sources it needs, and the analytic that tests it, so security teams can develop and refine detection strategies in a repeatable way. The hunts are written as Jupyter notebooks, so they fit into Python-based security tooling and can be rerun during threat hunting campaigns and hypothesis testing.
git clone https://github.com/OTRF/ThreatHunter-Playbook.git
Documentation: https://threathunterplaybook.com/
Document and share threat hunting methodologies to improve team collaboration.
Create structured hunt blueprints using Agent Skills for consistent execution.
Utilize pre-recorded security datasets for validation and experimentation in threat hunting.
Integrate AI to enhance decision-making processes during threat hunts.
There is no package install command; clone the repository and follow the README in it for environment setup.
git clone https://github.com/OTRF/ThreatHunter-Playbook
Copy the clone command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Help me create a detection playbook for [COMPANY] in the [INDUSTRY] sector. I want to include detection logic for [DATA] and relevant adversary tradecraft. Please provide a structured outline.
### Detection Playbook for Acme Corp in the Financial Sector

#### Overview
This playbook outlines detection strategies for identifying potential threats in the financial sector, focusing on insider threats and phishing attacks.

#### Detection Logic
- **Anomalous Login Attempts**: Monitor for successful logins from IP addresses outside the organization's known ranges, or at times outside normal business hours for that user.
- **Suspicious Email Activity**: Flag inbound emails carrying unusual attachment types or sent from domains the organization has not communicated with before.

#### Adversary Tradecraft
- **Tactics**: Initial Access (via phishing), Credential Access (via credential dumping)
- **Techniques**: Phishing, OS Credential Dumping; social engineering used to manipulate employees into divulging sensitive information.

#### Resources
- Links to community-shared detection rules and scripts.
- Recommended tools for continuous monitoring and alerting.
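The "Anomalous Login Attempts" item above is the kind of hypothesis a playbook entry turns into a concrete analytic. The following is an added example, not code from ThreatHunter-Playbook or the page's generated outline: it runs that logic over a handful of constructed authentication events. The event field names, the trusted network ranges, the business-hours window, and the sample records are all assumptions made for the illustration; timestamps are treated as already in the organization's local time.

```python
"""Added example: anomalous-login detection over constructed auth events.
Not code from ThreatHunter-Playbook; field names, networks and data are assumed."""
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample events (not real data). 2024-03-04 is a Monday,
# 2024-03-09 is a Saturday.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:15:00", "user": "alice", "src_ip": "10.20.1.15", "outcome": "success"},
    {"ts": "2024-03-04T02:40:00", "user": "alice", "src_ip": "10.20.1.15", "outcome": "success"},
    {"ts": "2024-03-04T11:05:00", "user": "bob", "src_ip": "203.0.113.7", "outcome": "success"},
    {"ts": "2024-03-04T11:06:00", "user": "bob", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"ts": "2024-03-05T03:20:00", "user": "carol", "src_ip": "198.51.100.9", "outcome": "success"},
    {"ts": "2024-03-09T10:00:00", "user": "dave", "src_ip": "10.20.5.5", "outcome": "success"},
]

# Assumed: the organization's known address space and working hours.
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("192.168.0.0/16")]
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


def is_trusted_ip(ip: str) -> bool:
    """True if the source address falls inside a known organizational range."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def is_business_hours(ts: datetime) -> bool:
    """True for Monday to Friday between BUSINESS_START and BUSINESS_END."""
    return ts.weekday() < 5 and BUSINESS_START <= ts.time() < BUSINESS_END


def evaluate_login(event: dict) -> list:
    """Return the reasons a single login event matches the hypothesis.

    Only successful logins are scored here; failed attempts belong to a
    separate brute-force hypothesis and are deliberately skipped.
    """
    reasons = []
    if event["outcome"] != "success":
        return reasons
    ts = datetime.fromisoformat(event["ts"])
    if not is_trusted_ip(event["src_ip"]):
        reasons.append("untrusted_source_ip")
    if not is_business_hours(ts):
        reasons.append("outside_business_hours")
    return reasons


def hunt(events: list) -> list:
    """Run the analytic over a batch of events and collect the findings."""
    findings = []
    for ev in events:
        reasons = evaluate_login(ev)
        if reasons:
            findings.append({
                "user": ev["user"],
                "src_ip": ev["src_ip"],
                "ts": ev["ts"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['user']:<6} {f['src_ip']:<14} {', '.join(f['reasons'])}")
```

On the sample data this flags four of the six events: alice's 02:40 login (trusted address, off hours), bob's successful login from outside the trusted ranges, carol's login that trips both conditions, and dave's Saturday login. The failed attempt by bob is skipped on purpose. Scoping the analytic to successful logins and keeping the two conditions as separate reasons is what makes the output useful for triage; a real hunt would replace the static hours window with a per-user baseline learned from the pre-recorded datasets the project ships with.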