Welcome to the Anvilogic Forge Armory, an open-source initiative by the Anvilogic Forge team. This repository houses public versions of the sophisticated detections found within the real Anvilogic Platform Armory. Our mission is to empower security teams across the globe by providing access to top-tier threat detection methodologies, enhancing cybersecurity measures and fostering a safer digital environment. Note that these detections have been stripped down to a publicly usable state without the necessity of the Anvilogic Platform. These detections are what Anvilogic consider Threat Identifiers and are primarily intended to be part of a more advanced piece of sequencing detection, called a Threat Scenario, which can be easily strung together and deployed via the Anvilogic Platform.

The Anvilogic Forge team is dedicated to illuminating the dark corners of the web by tracking and responding to invisible threats. By making our detections publicly available, we aim to contribute to the collective defense against the biggest emerging threats in the cybersecurity landscape.

Detections: Find ready-to-use detection rules that span across various categories of cybersecurity threats. Documentation: Comprehensive guides and documentation to help you understand each detection's purpose, scope, and implementation. Community Contributions: Contributions from the cybersecurity community that enrich our repository with diverse perspectives and expertise.

To get started with Armory, we recommend the following steps:

Explore the Detections: Browse through the detections available in this repository to understand their scope and application. Each piece of detection logic is stored in YAML format along with certain enrichment components such as MITRE ATT&CK mappings. Implementation: Detection logic contains macros as placeholders to call respective data sets such as endpoint, web, etc. These macros will need to be replaced with the appropriate logic to function. Once replaced, feel free to copy, paste, and run! Contribute: If you're interested in contributing to Armory, please see the contribution guidelines below or feel free to contact us via the support email.

We welcome contributions from the cybersecurity community! If you have a detection rule or an enhancement suggestion, please follow these steps:

Fork the Repository: Start by forking the repository to your GitHub account. Create a Pull Request: After making your changes or adding a new detection, submit a pull request to the main repository. Review Process: Our team will review your submission and provide feedback or approve the pull request.

If you need assistance or have any questions, please file an issue in this repository or contact the Anvilogic Forge team at forge@anvilogic.com.

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details. The GNU GPL is a widely used free software license that guarantees end users the freedom to run, study, share, and modify the software.

We extend our deepest gratitude to all contributors and the cybersecurity community for supporting this initiative and helping make the digital world a safer place.