Ahmed Khlief designed APT-Hunter, a threat-hunting tool for Windows event logs that detects suspicious activity and tracks APT movements. It is aimed at threat hunters, incident responders, and forensic investigators. The tool's default rules map MITRE ATT&CK tactics and techniques to Windows event log event IDs and detect indicators of attack, including APT techniques.
Free and open-source, APT-Hunter identifies APT movements within a system based on previously observed APT attacks. Faster detection shortens the time it takes to react, enabling swift containment and eradication. Used as a filter, it can reduce millions of events to the few that warrant serious attention.
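As an added example (not APT-Hunter's own code), the sketch below shows the rule-driven approach described above: constructed Windows event records are matched against a small set of rules that map event IDs to MITRE ATT&CK technique IDs, so a large volume of routine logon noise is reduced to a few tagged hits. The rule set, field names and sample events are assumptions constructed for this illustration.

```python
"""Rule-based triage of Windows event records. Added example, not APT-Hunter's
code: the rules, field names and sample events below are constructed."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    technique: str                 # MITRE ATT&CK technique ID the event evidences
    channel: str                   # event log channel (Security, System, ...)
    event_id: int
    condition: Callable[[dict], bool] = lambda e: True  # optional field check

# Constructed rule set built from well-known Windows event IDs.
RULES = [
    Rule("Audit log cleared", "T1070.001", "Security", 1102),
    Rule("New service installed", "T1543.003", "System", 7045),
    Rule("Local account created", "T1136.001", "Security", 4720),
    Rule("Member added to admin group", "T1098", "Security", 4728,   # group is in TargetUserName
         lambda e: e.get("TargetUserName") in {"Administrators", "Domain Admins"}),
]

def triage(events):
    """Keep only events that match a rule, tagged with rule name and technique."""
    hits = []
    for e in events:
        for r in RULES:
            if (e["Channel"], e["EventID"]) == (r.channel, r.event_id) and r.condition(e):
                hits.append({**e, "Rule": r.name, "Technique": r.technique})
    return hits

def technique_counts(hits):
    """Aggregate hits per ATT&CK technique for a summary view."""
    return Counter(h["Technique"] for h in hits)

def sample_events():
    """Constructed input: 1000 routine network logons plus five events of interest."""
    noise = [{"Channel": "Security", "EventID": 4624, "LogonType": 3,
              "TargetUserName": f"svc{i % 7}"} for i in range(1000)]
    interesting = [
        {"Channel": "Security", "EventID": 4720, "TargetUserName": "backup_adm"},
        {"Channel": "Security", "EventID": 4728, "TargetUserName": "Administrators",
         "MemberName": "backup_adm"},
        {"Channel": "Security", "EventID": 4728, "TargetUserName": "Users",
         "MemberName": "jdoe"},  # routine group change, must not match
        {"Channel": "System", "EventID": 7045, "ServiceName": "UpdaterSvc"},
        {"Channel": "Security", "EventID": 1102, "SubjectUserName": "backup_adm"},
    ]
    return noise + interesting
```

Running `triage(sample_events())` reduces 1005 records to 4 tagged hits; real deployments would load rules from a maintained rule file and parse EVTX rather than use inline dicts.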