A community-driven, AI-powered exchange for threat hunting ideas and methodologies.
Explore the Live Database » · Submit a Hunt · Report a Bug · Request a Feature
HEARTH (Hunting Exchange and Research Threat Hub) is a centralized, open-source platform for security professionals to share, discover, and collaborate on threat hunting hypotheses. Generating effective and timely hunts is a major challenge, and HEARTH aims to solve it by building a comprehensive, community-curated knowledge base.
Our goal is to create a vibrant ecosystem where hunters can:
- Discover new and creative hunting ideas.
- Contribute their own research and CTI.
- Collaborate with others to refine and improve detection strategies.
- Automate the mundane parts of hunt creation and focus on what matters.
This project uses the PEAK Threat Hunting Framework to categorize hunts into three types:
- 🔥 Flames: Hypothesis-driven hunts with clear, testable objectives.
- 🪵 Embers: Baselining and exploratory analysis to understand an environment.
- 🔮 Alchemy: Model-assisted and algorithmic approaches to threat detection.
HEARTH is more than just a list of hunts; it's a fully-featured platform with a sophisticated automation backend.
| Feature | Description |
|---|---|
| 🔍 Interactive UI | A searchable, filterable, and sortable database of all hunts, making it easy to find exactly what you're looking for. |
| 🤖 AI-Powered CTI Analysis | Submit a link to a CTI report, and our system uses GPT-4 to automatically read, analyze, and draft a complete hunt hypothesis for you. |
| 🛡️ Duplicate Detection | An AI-powered system analyzes new submissions against the existing database to flag potential duplicates and ensure content quality. |
| ⚙️ Automated Workflows | GitHub Actions manage the entire lifecycle of a submission, from initial draft to final approval, including creating branches and PRs. |
| 🏆 Contributor Leaderboard | We recognize and celebrate our contributors! An automated system tracks submissions and maintains a public leaderboard. |
| ✅ Review & Regeneration Loop | Maintainers can request a new version of an AI-generated hunt by simply adding a regenerate label to the submission issue. |
Contributing to HEARTH is designed to be as easy as possible. We use GitHub Issues as a streamlined submission hub.
Have a link to a great threat intelligence report, blog post, or whitepaper? Let our AI do the heavy lifting.
- Click here to open a CTI Submission issue.
- Paste the URL to the CTI source and provide your name/handle for attribution.
- Submit the issue. Our bot will:
  - Read and analyze the content.
  - Generate a complete hunt draft.
  - Check for duplicates.
  - Post the draft in a new branch and comment on your issue with a link for review.
If you have a fully-formed hunt idea of your own, you can submit it manually.
- Click here to open a Manual Hunt Submission issue.
- Fill out the template with your hypothesis, tactic, references, and other details.
- Submit the issue for review by the maintainers.
**Important:** All approved submissions are integrated into the HEARTH database and credited to the submitter on our Contributors Leaderboard.
HEARTH combines a simple frontend with a powerful, serverless backend built on GitHub Actions.
- Frontend:
  - HTML5
  - CSS3
  - Vanilla JavaScript
- Backend & Automation:
  - GitHub Actions
  - Python
  - OpenAI API (GPT-4)
- Hosting:
  - GitHub Pages
Distributed under the MIT License. See LICENSE for more information.
This project is made possible by the security community and our amazing contributors.
Project Maintainers:
- Lauren Proehl (@jotunvillur)
- Sydney Marrone (@letswastetime)
- John Grageda (@AngryInfoSecGuy)
🔥 **Keep the HEARTH burning!** 🔥
