🔥 Contributing to HEARTH

Welcome to the HEARTH community! We're excited to have you join us in building a comprehensive knowledge base for threat hunting. This guide will walk you through the process of submitting your hunt ideas and becoming an active member of our community.

How to Submit a Hunt

1. Prepare Your Hunt Idea

Before submitting, ensure your hunt idea is well-thought-out and ready for review. Consider:

  • What specific threat or behavior are you trying to detect?
  • What data sources and tools are needed?
  • How would others implement this hunt?

2. Submit Your Hunt

  1. Go to Submit New Issue

  2. Select the "HEARTH Hunt Submission Form" template

  3. Complete all required fields:

    Core Information:

    • Hunt Type 🔥
      • Flames (Hypothesis-Driven): Based on assumptions about adversary behavior
      • Embers (Baseline): Focused on identifying deviations from typical behavior
      • Alchemy (Model-Assisted): Leveraging models like anomaly detection and machine learning
    • HEARTH Crafter (your name/handle)
    • Hunt Idea/Hypothesis
    • MITRE ATT&CK Tactic
    • Search Tags (e.g., #Persistence #WindowsEvents #ScheduledTasks)

    Detailed Sections:

    • Implementation Notes

      • Required data sources
      • System requirements
      • Technical limitations
      • Key assumptions
    • Why Light This Fire? 🔥

      • Security risks addressed
      • Potential impact of findings
      • Connection to threat campaigns
      • Value to the community
    • Knowledge Base

      • MITRE ATT&CK references
      • Related research
      • Supporting documentation
      • Similar techniques
      • Relevant tools/frameworks
  4. Click "Submit new issue"

3. Review Process

All submissions are reviewed by HEARTH Keepers who will:

  • Verify technical accuracy and completeness
  • Ensure proper documentation
  • Provide feedback if needed
  • Assign an official hunt number upon approval

4. Hunt Numbering

Official hunt numbers are assigned based on the type:

  • Flames (Hypothesis-Driven): H0001, H0002, H0003, etc.
  • Embers (Baseline): B0001, B0002, B0003, etc.
  • Alchemy (Model-Assisted): A0001, A0002, A0003, etc.

Recognition and Benefits

Upon approval, contributors receive:

  • An official hunt number
  • Community recognition
  • Integration into the HEARTH repository
  • Opportunity to collaborate with other hunters

Not Sure Where to Start?

If your hunt idea isn't fully developed yet:

  1. Check out The Forge for work-in-progress hunts
  2. Review existing hunts for inspiration
  3. Join community discussions
  4. Ask questions in our issues section
  5. Check out our 🪵 Resources Guide!

Remember: Every great hunt starts with a single idea. We're here to help you develop and share yours with the community.


Happy Hunting! 🔥