detection-engineering
There are 77 repositories under detection-engineering topic.
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
splunk/security_content
Splunk Security Content
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
infosecB/awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gangs uses
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
mthcht/awesome-lists
Awesome Security lists for SOC/CERT/CTI
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
runreveal/pql
Pipelined Query Language
mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
Aegrah/PANIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
sbousseaden/Slides
Misc Threat Hunting Resources
nianticlabs/venator
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
DataDog/grimoire
Generate datasets of cloud audit logs for common attacks
nasbench/SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
mthcht/Purpleteam
Purpleteam scripts simulation & Detection - trigger events for SOC detections
0xrawsec/gene
Signature engine for all your logs
3CORESec/SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
lawndoc/AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
mthcht/ThreatHunting-Keywords-yara-rules
yara detection rules for hunting with the threathunting-keywords project
anvilogic-forge/armory
Anvilogic Forge
bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
adrianlois/DFIR-Detection-Engineering
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.
AttackIQ/SigmAIQ
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
west-wind/Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
3CORESec/Automata
Automatic detection engineering technical state compliance
infosecB/detection-as-code
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
mthcht/ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project