This is the one-stop place where you can find a number of detection rules to kick-start your SIEM/SOC journey, or to use for personal practice. But always remember: this is not an exhaustive list of rules, and most of them may not be performance-tuned. So first decide on your use cases, then check here to see which rules fit your requirements, and then keep tuning them to your needs (every rule will need exclusions for the legitimate activity in your own environment before it is alert-worthy).
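To make the "decide your use case, then tune" advice concrete, here is a small evaluator for a Sigma-style rule run over constructed sample process-creation events. This is an added example, not code from any of the repositories linked below; the rule, the field names, the sample events and the `\agent\collector.exe` exclusion are all assumptions for illustration. It supports only the Sigma constructs it uses (exact match, `contains`, `startswith`, `endswith`, a list of values as OR, and the condition `selection and not filter`) and shows how adding a `filter` block drops a known-good false positive while keeping the true positives.

```python
"""Minimal evaluator for a Sigma-style detection rule over sample events.

Added example, not code from any linked repository. The rule, field names,
sample events and the exclusion are assumptions for illustration only.
"""
from typing import Any, Dict, List

Event = Dict[str, Any]

# The rule, written as the Python equivalent of a Sigma YAML body.
# 'filter' is the tuning hook: the condition "selection and not filter"
# removes the known-good cases without touching the core logic.
RULE = {
    "title": "Reconnaissance command via process creation",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 4688,
            "CommandLine|contains": ["whoami", "net user", "nltest"],
        },
        # Assumed exclusion: a monitoring agent that legitimately runs whoami.
        "filter": {"ParentImage|endswith": "\\agent\\collector.exe"},
        "condition": "selection and not filter",
    },
}

# Constructed sample events (not real logs). RecordId is just for the demo.
SAMPLE_EVENTS: List[Event] = [
    {"RecordId": 1, "EventID": 4688, "CommandLine": "whoami /all",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"RecordId": 2, "EventID": 4688, "CommandLine": "whoami",
     "ParentImage": "C:\\Program Files\\agent\\collector.exe"},
    {"RecordId": 3, "EventID": 4688, "CommandLine": "notepad.exe C:\\notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"RecordId": 4, "EventID": 4624, "LogonType": 3},          # logon, no CommandLine
    {"RecordId": 5, "EventID": 4688, "CommandLine": "NET USER admin /domain",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},         # mixed case
]


def _match_value(modifier: str, expected: Any, actual: Any) -> bool:
    """Compare one value; Sigma string matching is case-insensitive."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e  # no modifier: exact match


def _match_block(block: Dict[str, Any], event: Event) -> bool:
    """Every key in a selection must match (AND); a list of values is OR."""
    for key, expected in block.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(modifier, v, event.get(field)) for v in values):
            return False
    return True


def evaluate(rule: Dict[str, Any], events: List[Event]) -> List[Event]:
    """Return the events the rule fires on."""
    det = rule["detection"]
    cond = det["condition"]
    hits = []
    for ev in events:
        sel = _match_block(det["selection"], ev)
        if cond == "selection":
            ok = sel
        elif cond == "selection and not filter":
            ok = sel and not _match_block(det["filter"], ev)
        else:
            raise ValueError(f"unsupported condition: {cond}")
        if ok:
            hits.append(ev)
    return hits


def untuned(rule: Dict[str, Any]) -> Dict[str, Any]:
    """The same rule before the exclusion was added (condition is just 'selection')."""
    det = dict(rule["detection"])
    det.pop("filter", None)
    det["condition"] = "selection"
    return {**rule, "detection": det}


if __name__ == "__main__":
    before = evaluate(untuned(RULE), SAMPLE_EVENTS)
    after = evaluate(RULE, SAMPLE_EVENTS)
    print("before tuning:", [e["RecordId"] for e in before])  # [1, 2, 5]
    print("after tuning: ", [e["RecordId"] for e in after])   # [1, 5]
```

Record 2 is the agent's own `whoami` and is the kind of noise you only discover after running the rule against your own telemetry; record 5 shows why case-insensitive matching matters. Real Sigma rules are evaluated by converters such as the Sigma-to-Splunk tool listed below, not by hand-written Python, but the selection/filter/condition shape is the same.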
- In return, share my YouTube channel 👉 https://www.youtube.com/c/BlackPerl with your DFIR peers! I would ❤ to have subscribers from the DFIR community!
- If you would like to support my work and give a little back, you can buy me a coffee ☕ https://www.buymeacoffee.com/BlackPerl
- Elastic SIEM Rule Repository- https://github.com/elastic/detection-rules
- Sigma-Rule-Repository-
- QRadar Rule sets- https://github.com/Xboarder56/QRCE-Rules
- Suricata rules for network anomaly detection- https://github.com/travisbgreen/hunting-rules
- Vulners Burp Plugin Rules- https://github.com/vulnersCom/detect-rules
- Sigma to Splunk alert converter- https://github.com/P4T12ICK/Sigma2SplunkAlert
- Chronicle Detection Rules- https://github.com/chronicle/detection-rules
- Splunk Queries for Threat Hunting- https://github.com/inodee/threathunting-spl/tree/master/hunt-queries
- Polylogyx Detection Rules- https://github.com/polylogyx/DetectionRules/tree/master/general
- Detection rules for quark-engine- https://github.com/quark-engine/quark-rules
- Threat hunting rules (Snort, Zeek, ClamAV, YARA)- https://github.com/ditekshen/detection
- Suricata rules for attack detection- https://github.com/s0wr0b1ndef/SuricataRules-AttackDetection-
- YARA rules for malware detection- https://github.com/SadFud/YARA.Rules
- Tool for scanning with the FireEye red-team YARA rules- https://github.com/seyyid-bh/FireEyeHackDetection
- Program that creates DoS detection rules for Snort- https://github.com/fonger900/Capstone-software
- Sigma detection rules for logs from the macOS Endpoint Security Framework- https://github.com/bradleyjkemp/sigma-esf
- Azure Sentinel intrusion detection rules- https://github.com/basedfir/detection-rules
- Splunk Correlation Rules and queries- https://github.com/optionalg/splunk-1