HEARTH is an AI-powered, community-driven platform for threat hunting professionals to share, discover, and collaborate on hunting hypotheses. It aims to streamline the creation of effective threat hunts by providing a centralized knowledge base and automating parts of the process, enabling hunters to focus on strategic analysis.

How It Works

HEARTH leverages a serverless backend powered by GitHub Actions and integrates with AI models (GPT-4, Claude) for automated analysis of threat intelligence reports. Submissions are categorized using the PEAK Threat Hunting Framework (Flames, Embers, Alchemy). An interactive UI allows searching and filtering hunts, while AI assists in drafting hypotheses from CTI links and detecting duplicate submissions.

Quick Start & Requirements

Contributing to HEARTH is done via GitHub Issues. Automated CTI submissions require a URL to a threat intelligence source. Manual submissions require filling out a template. The platform itself is hosted on GitHub Pages.

Highlighted Details

• AI-powered CTI analysis automatically drafts hunt hypotheses from provided URLs.
• Duplicate detection flags potential overlaps in submitted hunts.
• GitHub Actions automate the submission lifecycle, including branch creation and PRs.
• A contributor leaderboard recognizes community contributions.

Maintenance & Community

The project is maintained by Lauren Proehl, Sydney Marrone, and John Grageda. Contributions are managed through GitHub Issues.

Licensing & Compatibility

Distributed under the MIT License, allowing for commercial use and integration with closed-source projects.

Limitations & Caveats

The AI-powered features rely on external APIs (OpenAI, Anthropic), which may incur costs or have usage limitations. The effectiveness of AI-generated hunts is dependent on the quality of the input CTI and the AI models used.