Network-based detection reference. Kibana, Arkime, and Suricata queries mapped across the ATT&CK matrix, with APT correlation, OSINT notes, and air-gapped vs connected tripwire framing.
HOST: Host analyst threat hunting: indicators, detection syntax, APT correlation, and OSINT notes across the attack lifecycle.
ATTRIB: Evidence-driven adversary attribution. Reads the indicators you've starred in HUNT and ranks likely threat actors across nations by the attribution baked into each one. Save and restore hunt state for continuity across sessions and machines.