detection-engineering
There are 59 repositories under the detection-engineering topic.
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
splunk/security_content
Splunk Security Content
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
infosecB/awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
runreveal/pql
Pipelined Query Language
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
sbousseaden/Slides
Misc Threat Hunting Resources
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
nasbench/SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
0xrawsec/gene
Signature engine for all your logs
3CORESec/SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
mthcht/Purpleteam
Purple team simulation and detection scripts: trigger events for SOC detections
ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
lawndoc/AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
anvilogic-forge/armory
Anvilogic Forge
adrianlois/DFIR-Detection-Engineering
Digital Forensics, Incident Response and Detection Engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors to evade protection and monitoring systems.
AttackIQ/SigmAIQ
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
mthcht/ThreatHunting-Keywords-yara-rules
YARA detection rules for hunting with the threathunting-keywords project
west-wind/Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
3CORESec/Automata
Automatic detection engineering technical state compliance
M3NIX/sigmaio
Simple web app for converting Sigma rules into SIEM queries using the pySigma library
infosecB/detection-as-code
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
mthcht/ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
center-for-threat-informed-defense/summiting-the-pyramid
Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.
threat-punter/detection-as-code-example
A POC to implement Detection-as-Code with Terraform and Sumo Logic.
JakePeralta7/CyberSecurity
Research, Rules, Books, Tools and more basic stuff you can get anywhere
erickatwork/threat-detection-engineering-reference
Resource for all things threat detection