There are 15 repositories under the threat-detection topic.
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Threat-hunting tool for Linux
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
A starter pack of resources to help you get started in Detection Engineering.
Bypass 403
A toolkit for Security Researchers
Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
ThreatSeeker: Threat Hunting via Windows Event Logs
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
Flash-IDS is an open-source system developed by the DART Laboratory for advanced intrusion detection using provenance graph representation learning. It implements the techniques presented in our IEEE S&P 2024 paper, "FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning."
Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity concepts—perfect for exam prep and skill-building in blue team operations.
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats.
🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.
To be used with tools like GoBuster & DirBuster, but these lists are specifically tailored and designed for scanning phishing landing pages and other malicious or sketchy financial/crypto fraud websites.
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
Sigma detection rules for hunting with the threathunting-keywords project
Curated collection of cybersecurity tools featured in Black Hat Arsenal events.
Threat Detection & Anomaly Detection rules for popular open-source components
Threat intelligence and threat detection indicators (IOC, IOA)
Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.