There are 18 repositories under detection-engineering topic.
Windows Events Attack Samples
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Splunk Security Content
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Awesome list of keywords and artifacts for Threat Hunting sessions
Resources To Learn And Understand SIGMA Rules
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.
A collection of various SIEM rules relating to malware family groups.
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
yara detection rules for hunting with the threathunting-keywords project
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
Sigma detection rules for hunting with the threathunting-keywords project
Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.
A POC to implement Detection-as-Code with Terraform and Sumo Logic.
Research, Rules, Books, Tools and more basic stuff you can get anywhere
Resource for all things threat detection
Short deep dive into Threat Hunting on AWS
A Step by Step Guide for Cyber Security Beginners to Jump into the right path