detection-engineering

There are 18 repositories under detection-engineering topic.

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  threat-huntingevtxwindows-securitymitre-attackdetection-engineeringdatasetwinlogbeatdfir
  Language:HTML 2131

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  adversary-emulationawsaws-securityazure-securitycloud-native-securitycloud-securitydetection-engineeringgcp-securitykubernetes-securitymitre-attackpurple-teamsecuritythreat-detection
  Language:Go 1622
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 1359
• matano

  matanolabs / matano

  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

  awscloudsecuritybig-dataserverlessapache-iceberglog-analyticslog-managementthreat-huntingrustalertingcloud-nativeaws-securitycloud-securitycybersecuritysecopssecurity-toolsdfirdetection-engineeringsiem
  Language:Rust 1358
• security_content

  splunk / security_content

  Splunk Security Content

  cicdcybersecuritydetectiondetection-engineeringengineeringresponsessplunk
  Language:Python 1141
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  vulnerabilitiesvulnerability-detectionprivacy-protectionpentestersnetwork-analysisintrusion-detectioninfosecincident-managementmitre-attackdetection-engineeringkali-linuxoffensive-securityinformation-securitysiemcompliancecyber-securityscanning-toolincident-responseforensics-toolssurveillance
  Language:Go 855

• mvelazc0 / PurpleSharp

  PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

  adversary-simulationcontrols-validationdetection-engineeringpurple-team
  Language:C# 747

• runreveal / pql

  Pipelined Query Language

  clickhousedetection-engineeringgogolangquery-languagesiemsql
  Language:Go 616
• Threat-Hunting-and-Detection

  Cyb3r-Monk / Threat-Hunting-and-Detection

  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

  cybersecuritydefender-for-endpointdetection-engineeringdfirkqlkusto-languagemicrosoft-sentinelthreat-detectionthreat-hunting
  Language:Jupyter Notebook 563

• infosecB / awesome-detection-engineering

  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

  awesomeawesome-listcybersecuritydetection-engineeringmitresplunkthreat-detection
  554

• sbousseaden / Slides

  Misc Threat Hunting Resources

  threat-huntingdetection-engineeringmindmapdfir
  361
• ThreatHunting-Keywords

  mthcht / ThreatHunting-Keywords

  Awesome list of keywords and artifacts for Threat Hunting sessions

  awesome-listblueteamdetection-engineeringendpoint-securityiocsoffensive-scriptsoffensive-securityredteamsiemsocsplunkthreat-huntingthreat-intelligencethreathuntingdfirincident-responseforensichacktoolssigma-ruleselk-stack
  Language:HTML 340

• DataDog / threatest

  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

  continuous-securitydetection-engineeringsecurity-automationthreat-detection
  Language:Go 305

• nasbench / SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  sigmarulesdetectiondetection-engineeringsigma-rulesresourceslearningwindowslinuxawesome
  160

• 0xrawsec / gene

  Signature engine for all your logs

  dfirthreat-huntingdetection-engineering
  Language:Go 151
• SIEGMA

  3CORESec / SIEGMA

  SIEGMA - Transform Sigma rules into SIEM consumables

  data-drivendetection-engineeringsecuritysiemsigma
  Language:Python 137
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 123

• ControlCompass / ControlCompass.github.io

  Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

  securityintelligencecybersecuritythreat-intelligencethreat-huntingred-teamingred-teamdetectiondetection-engineeringmitre-attacksiemsecurity-toolssecurity-operationssocinfosecinformation-security
  Language:JavaScript 117

• mvelazc0 / attack2jira

  attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

  attack-coveragedetection-engineeringmitremitre-attack
  Language:Python 112

• lawndoc / AdvancedHuntingQueries

  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

  cyber-securitycybersecuritydefenderdefender-atpdefender-for-endpointdetectiondetection-engineeringhuntingkqlkustomicrosoftmicrosoft365securitythreat-huntingxdr
  94
• sigma-go

  bradleyjkemp / sigma-go

  A Go implementation and parser for Sigma rules.

  detection-engineeringsigma
  Language:Go 76

• anvilogic-forge / armory

  Anvilogic Forge

  detectiondetection-engineeringthreat-huntingsnowflakesplunk
  62
• DFIR-Detection-Engineering

  adrianlois / DFIR-Detection-Engineering

  Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.

  anti-forenseartefactosartefactscybersecuritydetecciondetection-engineeringdfirdigital-forensicsevidenciasforenseforensicsincident-responselinuxmacosxmalwaresecuritytipstrickswindows
  61

• reversinglabs / reversinglabs-siem-rules

  A collection of various SIEM rules relating to malware family groups.

  detection-engineeringinfosecmicrosoft-sentinelsiem
  Language:YARA 58

• west-wind / Threat-Hunting-With-Splunk

  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

  detectionsplunkmitre-attackbpfdoorvulnerabilitybpfdoor-detectiontext4shelldetection-engineeringesxi-malwareesxi-ransomwarertm-lockerarcanedoorline-runnercve-2024-20353cve-2024-20359line-dancer
  49

• 3CORESec / Automata

  Automatic detection engineering technical state compliance

  calderadetectiondetection-engineeringsigma
  Language:Python 48
• ThreatHunting-Keywords-yara-rules

  mthcht / ThreatHunting-Keywords-yara-rules

  yara detection rules for hunting with the threathunting-keywords project

  awesome-listblueteamdetection-engineeringdfirforensics-toolshacktoolshuntingincident-responseoffensive-securitythreat-huntingthreat-intelligenceyara-forensicsyara-rulesyara-scanneryara-signatures
  Language:YARA 48

• M3NIX / sigmaio

  simple webapp for converting sigma rules into siem queries using the pySigma library

  detection-engineeringsigmasplunkpysigma
  Language:HTML 47

• infosecB / detection-as-code

  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

  threat-detectioncybersecuritydetection-engineeringblueteam
  Language:Python 43
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 40

• center-for-threat-informed-defense / summiting-the-pyramid

  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

  ctidcyber-analyticscybersecuritydetection-engineeringmitre-attackthreat-informed-defense
  Language:Makefile 22

• threat-punter / detection-as-code-example

  A POC to implement Detection-as-Code with Terraform and Sumo Logic.

  blue-teamcybersecuritydetection-as-codedetection-engineeringinfosec
  Language:Python 20

• JakePeralta7 / CyberSecurity

  Research, Rules, Books, Tools and more basic stuff you can get anywhere

  cybersecuritydetection-engineeringdfirresourcesthreat-hunting
  Language:Python 10

• erickatwork / threat-detection-engineering-reference

  Resource for all things threat detection

  detectiondetection-engineeringincident-responsemitre-attackreferencerisk-basedsecuritythreat-intelligencethreat-modelingdetection-as-codedistributed-alertingrisk-based-alerting
  7

• BenjiTrapp / aws-threat-hunting

  Short deep dive into Threat Hunting on AWS

  awscloudtraildetection-engineeringjupyter-notebookthreathunting
  Language:Jupyter Notebook 6

• qasimqlf / StepbyStep_CyberSecurity

  A Step by Step Guide for Cyber Security Beginners to Jump into the right path

  cyber-securitycybersecuritycybersecurity-awarenesscybersecurity-incidentsdetection-engineeringguidelineshacktoberfesthacktoberfest2022threat-huntingtutorials
  6