detection-engineering
There are 148 repositories under the detection-engineering topic.
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
splunk/security_content
Splunk Security Content
BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gang uses
mthcht/awesome-lists
Awesome Security lists for SOC/CERT/CTI
infosecB/awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
runreveal/pql
Pipelined Query Language
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
nianticlabs/venator
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
sbousseaden/Slides
Misc Threat Hunting Resources
DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
lolc2/lolc2.github.io
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
DataDog/grimoire
Generate datasets of cloud audit logs for common attacks
mthcht/Purpleteam
Purpleteam scripts simulation & Detection - trigger events for SOC detections
krdmnbrk/AttackRuleMap
Mapping of open-source detection rules and atomic tests.
nasbench/SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
rfackroyd/detection-engineering-starter-pack
A starter pack of resources to help you get started in Detection Engineering.
0xrawsec/gene
Signature engine for all your logs
3CORESec/SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
mthcht/ThreatHunting-Keywords-yara-rules
yara detection rules for hunting with the threathunting-keywords project
ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
infosecB/Rulehound
An index of publicly available and open-source threat detection rulesets.
lawndoc/AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
st0pp3r/awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
anvilogic-forge/armory
Anvilogic Forge
bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
adrianlois/DFIR-Detection-Engineering
Digital Forensics Incident Response and Detection Engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors to evade protection and monitoring systems.
AttackIQ/SigmAIQ
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
AlbinoGazelle/esxi-testing-toolkit
🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.