detection-engineering

There are 77 repositories under detection-engineering topic.

sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
Language:HTML2.3k 143 12399
DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Language:Go1.8k 38 188215
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Language:Python1.7k 32 5209
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Language:Rust1.5k 22 105101
splunk/security_content
Splunk Security Content
Language:Python1.3k 71 266362
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Language:Go919 29 386
infosecB/awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
852 28 077
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Language:C#775 30 6109
BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gangs uses
763 21 183
mthcht/awesome-lists
Awesome Security lists for SOC/CERT/CTI
Language:GLSL715 26 684
runreveal/pql
Pipelined Query Language
Language:Go646 5 4225
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Language:Jupyter Notebook643 28 4102
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
Language:HTML473 11 1055
Aegrah/PANIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
Language:Shell415 8 942
sbousseaden/Slides
Misc Threat Hunting Resources
372 33 061
nianticlabs/venator
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Language:Go353 4 118
DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
Language:Go319 13 922
DataDog/grimoire
Generate datasets of cloud audit logs for common attacks
Language:Go184 3 514
nasbench/SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
168 9 014
0xrawsec/gene
Signature engine for all your logs
Language:Go161 14 2117
mthcht/Purpleteam
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Language:PowerShell158 8 118
3CORESec/SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
Language:Python141 10 1221
ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Language:JavaScript123 6 326
lawndoc/AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
111 5 016
mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
Language:Python111 8 1229
mthcht/ThreatHunting-Keywords-yara-rules
yara detection rules for hunting with the threathunting-keywords project
Language:YARA87 6 511
anvilogic-forge/armory
Anvilogic Forge
86 5 05
bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
Language:Go84 5 1618
0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
73 2 08
adrianlois/DFIR-Detection-Engineering
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.
73 2 19
AttackIQ/SigmAIQ
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Language:Python66 1 410
reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
Language:YARA62 5 07
west-wind/Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
57 3 08
3CORESec/Automata
Automatic detection engineering technical state compliance
Language:Python51 5 011
infosecB/detection-as-code
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
Language:Python49 3 114
mthcht/ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
Language:Python47 3 05

detection-engineering

sbousseaden/EVTX-ATTACK-SAMPLES

DataDog/stratus-red-team

mikeroyal/Digital-Forensics-Guide

matanolabs/matano

splunk/security_content

mikeroyal/Open-Source-Security-Guide

infosecB/awesome-detection-engineering

mvelazc0/PurpleSharp

BushidoUK/Ransomware-Tool-Matrix

mthcht/awesome-lists

runreveal/pql

Cyb3r-Monk/Threat-Hunting-and-Detection

mthcht/ThreatHunting-Keywords

Aegrah/PANIX

sbousseaden/Slides

nianticlabs/venator

DataDog/threatest

DataDog/grimoire

nasbench/SIGMA-Resources

0xrawsec/gene

mthcht/Purpleteam

3CORESec/SIEGMA

ControlCompass/ControlCompass.github.io

lawndoc/AdvancedHuntingQueries

mvelazc0/attack2jira

mthcht/ThreatHunting-Keywords-yara-rules

anvilogic-forge/armory

bradleyjkemp/sigma-go

0xAnalyst/DefenderATPQueries

adrianlois/DFIR-Detection-Engineering

AttackIQ/SigmAIQ

reversinglabs/reversinglabs-siem-rules

west-wind/Threat-Hunting-With-Splunk

3CORESec/Automata

infosecB/detection-as-code

mthcht/ThreatHunting-Keywords-sigma-rules