Introducing HEARTH: A Community-Driven Threat Hunting Repository
Threat hunting is an art and a science.
Threat hunting thrives on a structured approach, creative thinking, and a place to share, refine, and build upon ideas. Enter HEARTH, the Hunting Exchange And Research Threat Hub, an open-source repository designed to ignite the collective knowledge of the threat hunting community.
HEARTH isn’t just a collection of ideas—it’s a launchpad for collaborative threat hunting, a space where hunters can contribute, iterate, and evolve the craft together. If you’re looking for practical threat hunting concepts aligned with the PEAK Threat Hunting Framework—which emphasizes Prepare, Execute, and Act with Knowledge—this is where you need to be.
Why HEARTH?
Security practitioners often operate in silos, each team developing their own methods for detecting threats in logs, events, and network telemetry. While we’ve seen great advancements in sharing indicators and adversary tactics, techniques, and procedures (TTPs), the knowledge around how to systematically hunt threats still tends to be scattered.
HEARTH aims to change that by offering a structured repository where:
Threat hunters can submit their ideas following a standard template.
The community can review and refine hunts, making them stronger and more actionable.
Contributors receive credit and recognition, including a unique hunt number and an exclusive threat hunting sticker for their submission.
Hunts are categorized based on PEAK Framework alignment, making it easy to find ideas that fit different phases of the hunt process.
How to Contribute
HEARTH is built for practitioners by practitioners, and we want your expertise in the mix. Here’s how you can contribute:
Submit a Hunt Idea – Go to Issues > New Issue > HEARTH Hunt Submission Form, fill out the required hunt details, and submit for review.
Explore Existing Hunts – Check out what’s already been shared. Refine or adapt existing ideas for new environments and data sources.
Collaborate and Discuss – Open issues, provide feedback, and engage in discussions. Your insights help make hunts more robust and applicable.
Earn Recognition – Each hunt submission gets assigned a unique hypothesis number (e.g., H-001, B-002, M-003), categorizing it as Hypothesis-Driven (H), Baseline (B), or Model-Assisted (M). Contributors also receive a HEARTH sticker to rep their hunts in the real world—we ship globally!
Why Open Source?
Threat hunting is an evolving discipline. What works today may need adjustments tomorrow. By making HEARTH an open-source initiative, we’re ensuring that:
Knowledge is freely available to all security teams, from enterprises to individual practitioners.
Hunts can be iterated upon, refined, and continuously improved.
The community grows stronger through collaboration, not competition.
Join the Hunt
The best threat hunters don’t just find adversaries—they build the tools and techniques to outpace them. Whether you’re an experienced hunter or just starting out, HEARTH is your place to share, learn, and level up.
Get involved today by checking out the repository: HEARTH on GitHub
Let’s keep the fire burning. Happy thrunting! 🔥