detection-engineering

There are 21 repositories under detection-engineering topic.

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  datasetdetection-engineeringdfirevtxmitre-attackthreat-huntingwindows-securitywinlogbeat
  Language:HTML 2201

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  adversary-emulationawsaws-securityazure-securitycloud-native-securitycloud-securitydetection-engineeringgcp-securitykubernetes-securitymitre-attackpurple-teamsecuritythreat-detection
  Language:Go 1752
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 1598
• matano

  matanolabs / matano

  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

  awscloudsecuritybig-dataserverlessapache-iceberglog-analyticslog-managementthreat-huntingrustalertingcloud-nativeaws-securitycloud-securitycybersecuritysecopssecurity-toolsdfirdetection-engineeringsiem
  Language:Rust 1447
• security_content

  splunk / security_content

  Splunk Security Content

  splunkdetectionengineeringresponsescicdcybersecuritydetection-engineering
  Language:Python 1253
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  compliancecyber-securitydetection-engineeringforensics-toolsincident-managementincident-responseinformation-securityinfosecintrusion-detectionkali-linuxmitre-attacknetwork-analysisoffensive-securitypentestersprivacy-protectionscanning-toolsiemsurveillancevulnerabilitiesvulnerability-detection
  Language:Go 896

• infosecB / awesome-detection-engineering

  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

  awesomeawesome-listcybersecuritydetection-engineeringmitresplunkthreat-detection
  803

• mvelazc0 / PurpleSharp

  PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

  adversary-simulationcontrols-validationdetection-engineeringpurple-team
  Language:C# 767

• runreveal / pql

  Pipelined Query Language

  clickhousedetection-engineeringgogolangquery-languagesiemsql
  Language:Go 638
• awesome-lists

  mthcht / awesome-lists

  Awesome Security lists for SOC/CERT/CTI

  awesome-listblueteamblueteam-toolsctidetectiondetection-engineeringdfirhacktoolsincident-responseiociocsirransomwareredteamrmmsecuritysiemsocthreat-huntingthreat-intelligence
  Language:GLSL 630
• Threat-Hunting-and-Detection

  Cyb3r-Monk / Threat-Hunting-and-Detection

  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

  cybersecuritydefender-for-endpointdetection-engineeringdfirkqlkusto-languagemicrosoft-sentinelthreat-detectionthreat-hunting
  Language:Jupyter Notebook 595

• BushidoUK / Ransomware-Tool-Matrix

  A resource containing all the tools each ransomware gangs uses

  cticybersecuritydetection-engineeringhackingosintransomwarethreat-huntingthreat-intelligencethreatintel
  557
• ThreatHunting-Keywords

  mthcht / ThreatHunting-Keywords

  Awesome list of keywords and artifacts for Threat Hunting sessions

  awesome-listblueteamdetection-engineeringendpoint-securityiocsoffensive-scriptsoffensive-securityredteamsiemsocsplunkthreat-huntingthreat-intelligencethreathuntingdfirincident-responseforensichacktoolselk-stackyara-rules
  Language:HTML 441

• Aegrah / PANIX

  Customizable Linux Persistence Tool for Security Research and Detection Engineering.

  bashdetection-engineeringlinuxpersistencesecurity-researchshellpanixunixbackdoor
  Language:Shell 379

• sbousseaden / Slides

  Misc Threat Hunting Resources

  threat-huntingdetection-engineeringmindmapdfir
  368

• DataDog / threatest

  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

  continuous-securitydetection-engineeringsecurity-automationthreat-detection
  Language:Go 313

• nasbench / SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  awesomedetectiondetection-engineeringlearninglinuxresourcesrulessigmasigma-ruleswindows
  163

• DataDog / grimoire

  Generate datasets of cloud audit logs for common attacks

  cloud-securitydetection-engineeringpurpleteaming
  Language:Go 158

• 0xrawsec / gene

  Signature engine for all your logs

  dfirthreat-huntingdetection-engineering
  Language:Go 156
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 149
• SIEGMA

  3CORESec / SIEGMA

  SIEGMA - Transform Sigma rules into SIEM consumables

  sigmadetection-engineeringsiemsecuritydata-driven
  Language:Python 139

• ControlCompass / ControlCompass.github.io

  Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

  cybersecuritydetectiondetection-engineeringinformation-securityinfosecintelligencemitre-attackred-teamred-teamingsecuritysecurity-operationssecurity-toolssiemsocthreat-huntingthreat-intelligence
  Language:JavaScript 120

• mvelazc0 / attack2jira

  attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

  mitre-attackdetection-engineeringmitreattack-coverage
  Language:Python 110

• lawndoc / AdvancedHuntingQueries

  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

  securitycybersecuritykustokqlhuntingthreat-huntingdetectiondetection-engineeringmicrosoftmicrosoft365defender-for-endpointdefenderdefender-atpcyber-securityxdr
  107
• sigma-go

  bradleyjkemp / sigma-go

  A Go implementation and parser for Sigma rules.

  sigmadetection-engineering
  Language:Go 82

• anvilogic-forge / armory

  Anvilogic Forge

  detectiondetection-engineeringthreat-huntingsnowflakesplunk
  80
• ThreatHunting-Keywords-yara-rules

  mthcht / ThreatHunting-Keywords-yara-rules

  yara detection rules for hunting with the threathunting-keywords project

  awesome-listblueteamdetection-engineeringdfirforensics-toolshacktoolshuntingincident-responseoffensive-securitythreat-huntingthreat-intelligenceyara-forensicsyara-rulesyara-scanneryara-signatures
  Language:YARA 75

• 0xAnalyst / DefenderATPQueries

  Hunting Queries for Defender ATP

  defender-atpdetection-engineeringdetection-ruleskqlmicrosoftsentinelthreat-hunting
  70
• DFIR-Detection-Engineering

  adrianlois / DFIR-Detection-Engineering

  Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.

  cybersecuritydetecciondfirforensemalwaresecuritytipstricksanti-forensedetection-engineeringartefactosartefactsevidenciasforensicslinuxmacosxwindowsdigital-forensicsincident-response
  68

• AttackIQ / SigmAIQ

  A pySigma wrapper and langchain toolkit for automatic rule creation/translation

  detection-engineeringlangchainllmpython3securitysecurity-toolssigmasigma-rules
  Language:Python 64

• reversinglabs / reversinglabs-siem-rules

  A collection of various SIEM rules relating to malware family groups.

  detection-engineeringinfosecmicrosoft-sentinelsiem
  Language:YARA 60

• west-wind / Threat-Hunting-With-Splunk

  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

  arcanedoorbpfdoorbpfdoor-detectioncve-2024-20353cve-2024-20359detectiondetection-engineeringesxi-malwareesxi-ransomwareline-dancerline-runnermitre-attackrtm-lockersplunktext4shellvulnerability
  55

• 3CORESec / Automata

  Automatic detection engineering technical state compliance

  calderadetectiondetection-engineeringsigma
  Language:Python 49

• infosecB / detection-as-code

  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

  blueteamcybersecuritydetection-engineeringthreat-detection
  Language:Python 49

• M3NIX / sigmaio

  simple webapp for converting sigma rules into siem queries using the pySigma library

  detection-engineeringsigmasplunkpysigma
  Language:HTML 47
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 47