threat-detection

There are 6 repositories under threat-detection topic.

• 0x4D31 / awesome-threat-detection

  ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

  awesomeawesome-listthreat-huntingsecuritydetectionthreat-detectionincident-response
  3328

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  awsadversary-emulationpurple-teammitre-attackcloud-securitycloud-native-securitydetection-engineeringthreat-detectionsecurityaws-securityazure-securitykubernetes-securitygcp-security
  Language:Go 1618

• akto-api-security / akto

  Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

  api-securityapi-discoveryapi-security-testingapi-testingauthenticationauthorizationdevsecopsidorowasp-top-10securitysecurity-testingsensitive-data-exposurethreat-detectionhacktoberfesthacktoberfest2023devsecops-pipelinedockerdocker-composereact
  Language:Java 817
• Watcher

  thalesgroup-cert / Watcher

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

  cybersecuritythreat-huntingdjangoreactjsrss-bridgemispthehivesecurityincident-responsethreat-detectionthreat-intelligencenltkwatchercertificate-transparencycertstreamosintosint-pythonwebappmonitoringphishing
  Language:Python 793
• Threat-Hunting-and-Detection

  Cyb3r-Monk / Threat-Hunting-and-Detection

  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

  cybersecuritydefender-for-endpointdetection-engineeringdfirkqlkusto-languagemicrosoft-sentinelthreat-detectionthreat-hunting
  Language:Jupyter Notebook 558

• infosecB / awesome-detection-engineering

  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

  detection-engineeringsplunkmitreawesome-listawesomecybersecuritythreat-detection
  549

• aws-samples / aws-security-workshops

  A collection of the latest AWS Security workshops

  awssecurityworkshopthreat-detectionidentityaws-iamamazon-guarddutylambdaamazon-cognitoaws-securityaws-security-hubcloudwatch-eventsdetectprotectrespondinspector
  Language:Jupyter Notebook 427

• cyb3rmik3 / KQL-threat-hunting-queries

  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

  kqlkustomicrosoftsecuritycentersentinelkusto-querykusto-query-languagemicrosoft-365microsoft-365-defendermicrosoft-365-securitymicrosoft-securitymicrosoft-sentinelsecuritythreat-detectionthreat-huntthreat-huntingthreat-detectingmicrosoft-xdrmicrosoftxdr
  369

• olafhartong / ATTACKdatamap

  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

  dfirmitre-attackthreat-huntingthreat-detectionsiem
  Language:PowerShell 344

• DataDog / threatest

  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

  continuous-securitydetection-engineeringsecurity-automationthreat-detection
  Language:Go 303

• kunai-project / kunai

  Threat-hunting tool for Linux

  ebpflinuxsecurity-monitoringthreat-detectionthreat-hunting
  Language:Rust 261

• jackaduma / SecBERT

  pretrained BERT model for cyber security text, learned CyberSecurity Knowledge

  cybersecuritysecuritynlpbertbert-embeddingsnlp-machine-learningdeeplearningattentiontransformerstransformer-encodercyber-securitysecurity-automationaptmachine-learning-securitydeep-learning-securitycyber-threat-intelligencethreat-intelligencethreat-huntingthreat-detectionthreat-analysis
  Language:Python 132

• ecstatic-nobel / Analyst-Arsenal

  A toolkit for Security Researchers

  osintcybersecuritypythonthreat-intelligencethreat-huntingthreat-analysismalware-analysiscertificate-transparencyscannerthreat-detectioncertstreamwebshellopendirdefacedinfosec
  Language:Python 124

• MFMokbel / Crawlector

  Crawlector is a threat hunting framework designed for scanning websites for malicious objects.

  malware-detectionthreat-huntingthreat-detection
  120
• WebSecProbe

  spyboy-productions / WebSecProbe

  Bypass 403

  bypass-403header-injectionhistorical-analysisthreat-detectionurl-manipulationvulnerability-assessmentweb-application-securityhttp-request-analysispayload-variationssecurity-assessment-toolwayback-machine-integrationweb-security-auditweb-vulnerability-detectionaccess-403
  Language:Jupyter Notebook 98

• ine-labs / ThreatSeeker

  ThreatSeeker: Threat Hunting via Windows Event Logs

  evtxlog-analysissysmonthreatthreat-detectionthreat-intelligencewindows
  Language:Python 85
• SyntheticSun

  jonrau1 / SyntheticSun

  SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

  threat-intelligencemachine-learninganomaly-detectionaws-securityaws-serverlessserverlessautomationgeolocationthreat-detectionguarddutysecurity-automationsecurity-toolsawssagemakerincident-responsekibanaelasticsearchdata-sciencedata-visualizationmisp
  Language:Python 74

• swisscom / detections

  Threat intelligence and threat detection indicators (IOC, IOA)

  indicators-of-compromiseindicatorsdetectionthreat-detection
  Language:YARA 51

• Loginsoft-Research / detection-rules

  Threat Detection & Anomaly Detection rules for popular open-source components

  siemthreat-detectionsigmaelasticsearchanomaly-detectionthreat-huntingsplunk
  48

• infosecB / detection-as-code

  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

  threat-detectioncybersecuritydetection-engineeringblueteam
  Language:Python 42
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 41

• Truvis / Suricata_Threat-Hunting-Rules

  Collection of Suricata rule sets that I use modified to my environments.

  suricatasuricata-rulessuricata-rulesnortsnort-rulessnort-rules-generatesnort3securitythreat-intelligencethreat-huntingthreat-detectionthreat-analysisthreat-responsethreat-monitorthreat-intelthreat-gridnetwork-securitynetwork-monitoringnetwork-analysissecurity-awareness
  36

• 0xN3utr0n / Kanis

  Advanced threat detection solution for Linux.

  idsmalwareantiviruslinuxrootkitthreat-detectioncontainersdockercontainer-securityyara-scanneryaraendpoint-security
  Language:Go 35

• thremulation-station / thremulation-station

  Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

  atomicredteamelasticsecuritythreat-detectionthreat-hunting
  Language:Shell 34
• Detect-X-app

  shoumikgoswami / Detect-X-app

  Detect-X Automated Threat Detection by AI

  baggage-detectionxray-detectioncomputer-visionthreat-detection
  Language:Jupyter Notebook 30

• paulveillard / cybersecurity-threat-detection

  An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.

  cybersecurityencryption-decryptionmalware-analysismalware-detectionmalware-developmentsecurity-toolssecurity-vulnerabilitythreat-analysisthreat-blockerthreat-detectionthreat-detection-policythreat-explorerthreat-huntingthreat-intelligencethreat-modelingthreat-monitorthreat-response
  27
• foretoken

  domgolonka / foretoken

  A blazing fast, highly customizable, modern-day defence tool using (in memory) SQL & REST/gRPC protocols.

  securitysecurity-toolsthreatsmodern-threatssecurity-automationthreat-detectiondatabaserestful-apigrpcgrpc-protocolsvpntorspamproxyregexfraud-scoresregular-expressionconsuletcdv3zookeeper
  Language:Go 21

• patternex / awesome-ml-for-threat-detection

  A curated list of resources to deep dive into the intersection of applied machine learning and threat detection.

  threat-detectionmachine-learningpapersmachine-learning-systemscybersecurityawesome-listmachine-learning-operationsapplied-machine-learning
  18

• advanced-threat-research / Expert-Rules

  securitythreat-detection
  17

• aptresearch / datasets

  advanced-persistent-threatadvanced-persistent-threat-dataaptapt-dataaptdatacyber-securitydatasetthreat-detection
  15
• TheWatchList

  SCS-Labs / TheWatchList

  Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.

  threatviewthreat-intelligencethreatintelthreatintelligencethreat-sharingthreatthreat-huntingthreat-analysisthreat-responsethreat-detectioncyber-threat-coalitionlists
  13

• ecstatic-nobel / Not-Anti-Virus

  An attmept to block malware before AV scans it.

  antivirusemotetmalwarephishingosweepposintaisle25notavthreat-huntingthreat-detectionblueteamautomationcyberdifrinfosecosint
  Language:JavaScript 11

• TeMiroYteHasheo / The-Hunters-Framework

  Project to Support The Hunter's Framework (THF)

  threathuntingthreat-huntingthreat-detectionthfcybersecuritycybersecurity-education
  11

• anubhavsaxena14 / Threat-Detection-using-Sentiment-Analysis

  Threat Detection System using Hybrid (Machine Learning + Lexical Analysis) learning Approach.

  pythonnumpysentiment-analysisnltk-librarylexical-analysisneural-networksthreat-detectionanacondamachine-learninghidden-layerslexiconspyder
  Language:Python 9

• gabrielcurrie / nist-cybersecurity-library

  Technical cyber security resources across the NIST cyber security framework lifecycle

  cybersecurityincident-responsethreat-detectionmonitoringwindows
  9

• wisepythagoras / honeyshell

  An SSH honeypot written entirely in Go.

  gogolangsshssh-serverssh-honeypothoneypothoneypotsinfoseccybersecuritycyber-securityinformation-securitythreatintelthreat-intelligencethreat-huntingthreat-sharingthreat-analysisthreat-detectionthreat-intel
  Language:Go 7