detection-engineering

There are 22 repositories under detection-engineering topic.

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  datasetdetection-engineeringdfirevtxmitre-attackthreat-huntingwindows-securitywinlogbeat
  Language:HTML 2252

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  awsadversary-emulationpurple-teammitre-attackcloud-securitycloud-native-securitydetection-engineeringthreat-detectionsecurityaws-securityazure-securitykubernetes-securitygcp-security
  Language:Go 1830
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  alertingcyber-securitydetection-engineeringdfirdigital-forensicsdigitalforensicreadinessdigitalforensicsforensic-analysisforensicsforensics-investigationsforensics-toolsintrusion-detectionmitre-attacknetwork-securityoffensive-securityosintport-scanningsecuritysiemthreat-intelligence
  Language:Python 1658
• matano

  matanolabs / matano

  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

  alertingapache-icebergawsaws-securitybig-datacloudcloud-nativecloud-securitycybersecuritydetection-engineeringdfirlog-analyticslog-managementrustsecopssecuritysecurity-toolsserverlesssiemthreat-hunting
  Language:Rust 1474
• security_content

  splunk / security_content

  Splunk Security Content

  splunkdetectionengineeringresponsescicdcybersecuritydetection-engineering
  Language:Python 1295
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  compliancecyber-securitydetection-engineeringforensics-toolsincident-managementincident-responseinformation-securityinfosecintrusion-detectionkali-linuxmitre-attacknetwork-analysisoffensive-securitypentestersprivacy-protectionscanning-toolsiemsurveillancevulnerabilitiesvulnerability-detection
  Language:Go 919

• infosecB / awesome-detection-engineering

  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

  detection-engineeringsplunkmitreawesome-listawesomecybersecuritythreat-detection
  850

• mvelazc0 / PurpleSharp

  PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

  adversary-simulationcontrols-validationdetection-engineeringpurple-team
  Language:C# 775

• BushidoUK / Ransomware-Tool-Matrix

  A resource containing all the tools each ransomware gangs uses

  cticybersecuritydetection-engineeringhackingosintransomwarethreat-huntingthreat-intelligencethreatintel
  759
• awesome-lists

  mthcht / awesome-lists

  Awesome Security lists for SOC/CERT/CTI

  blueteamhacktoolsredteamsecuritysocawesome-listctiiocblueteam-toolsdetectiondetection-engineeringdfirincident-responseiocsirsiemthreat-huntingthreat-intelligenceransomwarermm
  Language:GLSL 715

• runreveal / pql

  Pipelined Query Language

  clickhousedetection-engineeringgogolangquery-languagesiemsql
  Language:Go 646
• Threat-Hunting-and-Detection

  Cyb3r-Monk / Threat-Hunting-and-Detection

  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

  threat-huntingthreat-detectioncybersecuritydefender-for-endpointdetection-engineeringdfirkqlkusto-languagemicrosoft-sentinel
  Language:Jupyter Notebook 642
• ThreatHunting-Keywords

  mthcht / ThreatHunting-Keywords

  Awesome list of keywords and artifacts for Threat Hunting sessions

  awesome-listblueteamdetection-engineeringdfirelk-stackendpoint-securityforensichacktoolsincident-responseiocsoffensive-scriptsoffensive-securityredteamsiemsocsplunkthreat-huntingthreat-intelligencethreathuntingyara-rules
  Language:HTML 473

• Aegrah / PANIX

  Customizable Linux Persistence Tool for Security Research and Detection Engineering.

  backdoorbashdetection-engineeringlinuxpanixpersistencesecurity-researchshellunix
  Language:Shell 415

• sbousseaden / Slides

  Misc Threat Hunting Resources

  detection-engineeringdfirmindmapthreat-hunting
  372

• nianticlabs / venator

  A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

  detection-engineeringgolangkubernetesthreat-detection
  Language:Go 351

• DataDog / threatest

  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

  continuous-securitydetection-engineeringsecurity-automationthreat-detection
  Language:Go 319

• DataDog / grimoire

  Generate datasets of cloud audit logs for common attacks

  cloud-securitydetection-engineeringpurpleteaming
  Language:Go 185

• nasbench / SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  sigmarulesdetectiondetection-engineeringsigma-rulesresourceslearningwindowslinuxawesome
  168

• 0xrawsec / gene

  Signature engine for all your logs

  detection-engineeringdfirthreat-hunting
  Language:Go 161
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 158
• SIEGMA

  3CORESec / SIEGMA

  SIEGMA - Transform Sigma rules into SIEM consumables

  sigmadetection-engineeringsiemsecuritydata-driven
  Language:Python 141

• ControlCompass / ControlCompass.github.io

  Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

  securityintelligencecybersecuritythreat-intelligencethreat-huntingred-teamingred-teamdetectiondetection-engineeringmitre-attacksiemsecurity-toolssecurity-operationssocinfosecinformation-security
  Language:JavaScript 123

• lawndoc / AdvancedHuntingQueries

  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

  securitycybersecuritykustokqlhuntingthreat-huntingdetectiondetection-engineeringmicrosoftmicrosoft365defender-for-endpointdefenderdefender-atpcyber-securityxdr
  111

• mvelazc0 / attack2jira

  attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

  mitre-attackdetection-engineeringmitreattack-coverage
  Language:Python 111
• ThreatHunting-Keywords-yara-rules

  mthcht / ThreatHunting-Keywords-yara-rules

  yara detection rules for hunting with the threathunting-keywords project

  awesome-listblueteamdetection-engineeringdfirforensics-toolshacktoolshuntingincident-responseoffensive-securitythreat-huntingthreat-intelligenceyara-forensicsyara-rulesyara-scanneryara-signatures
  Language:YARA 87

• anvilogic-forge / armory

  Anvilogic Forge

  detectiondetection-engineeringsnowflakesplunkthreat-hunting
  86
• sigma-go

  bradleyjkemp / sigma-go

  A Go implementation and parser for Sigma rules.

  sigmadetection-engineering
  Language:Go 84

• 0xAnalyst / DefenderATPQueries

  Hunting Queries for Defender ATP

  defender-atpdetection-engineeringdetection-ruleskqlmicrosoftsentinelthreat-hunting
  73
• DFIR-Detection-Engineering

  adrianlois / DFIR-Detection-Engineering

  Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.

  cybersecuritydetecciondfirforensemalwaresecuritytipstricksanti-forensedetection-engineeringartefactosartefactsevidenciasforensicslinuxmacosxwindowsdigital-forensicsincident-response
  73

• AttackIQ / SigmAIQ

  A pySigma wrapper and langchain toolkit for automatic rule creation/translation

  detection-engineeringlangchainllmpython3securitysecurity-toolssigmasigma-rules
  Language:Python 66

• reversinglabs / reversinglabs-siem-rules

  A collection of various SIEM rules relating to malware family groups.

  detection-engineeringinfosecmicrosoft-sentinelsiem
  Language:YARA 62

• west-wind / Threat-Hunting-With-Splunk

  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

  detectionsplunkmitre-attackbpfdoorvulnerabilitybpfdoor-detectiontext4shelldetection-engineeringesxi-malwareesxi-ransomwarertm-lockerarcanedoorline-runnercve-2024-20353cve-2024-20359line-dancer
  57

• 3CORESec / Automata

  Automatic detection engineering technical state compliance

  sigmacalderadetectiondetection-engineering
  Language:Python 50

• infosecB / detection-as-code

  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

  blueteamcybersecuritydetection-engineeringthreat-detection
  Language:Python 49
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulesdfirforensicartifactsmitre-attacksiemsigma-rulesthreat-detectionthreat-huntingthreathunting
  Language:Python 47