Threat Detection & Anomaly Detection rules for popular open-source components
☆53 Jul 27, 2022 Updated 3 years ago
Alternatives and similar repositories for threat-detection-rules
Users that are interested in threat-detection-rules are comparing it to the libraries listed below.
- SIEGMA - Transform Sigma rules into SIEM consumables ☆159 Mar 10, 2025 Updated last year
- Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours. ☆16 May 21, 2021 Updated 4 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆60 Mar 12, 2022 Updated 4 years ago
- My logstash plugins. Filter: sig (for security detect -> IOC, sig, New value, Reference, link, frequence, ...). Output: alert created by … ☆10 Jul 26, 2019 Updated 6 years ago
- An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and vide… ☆48 Nov 11, 2022 Updated 3 years ago
- A Sigma based detection pipeline ☆12 Dec 15, 2023 Updated 2 years ago
- A curated list of resources to deep dive into the intersection of applied machine learning and threat detection. ☆19 Sep 23, 2020 Updated 5 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers. ☆291 Jan 15, 2024 Updated 2 years ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. ☆39 Dec 17, 2025 Updated 3 months ago
- Cyber Threats Detection Rules ☆14 Sep 16, 2025 Updated 6 months ago
- Knowledge base of analytics designed to cover threats based on MITRE's ATT&CK. ☆23 Dec 13, 2018 Updated 7 years ago
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. ☆31 Jul 27, 2023 Updated 2 years ago
- ⚠️ ARCHIVED: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules ☆12 Updated this week
- Import specific data sources into the Sigma generic and open signature format. ☆79 May 6, 2022 Updated 3 years ago
- This repository contains Splunk queries to hunt some anomalies ☆46 Jul 28, 2022 Updated 3 years ago
- A script to create and assign SOP tasks into the cases ☆20 Aug 16, 2020 Updated 5 years ago
- This directory contains random scripts from threat hunting or malware research ☆11 Feb 15, 2018 Updated 8 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework ☆22 Jan 22, 2021 Updated 5 years ago
- certstream + analytics ☆11 Jan 17, 2020 Updated 6 years ago
- Bring Your Own Mitre Att&ck © Matrix ! ☆13 Oct 19, 2023 Updated 2 years ago
- 🌦️ Domain Ranker ☆16 Sep 7, 2019 Updated 6 years ago
- Pritunl Access Control System ☆10 Feb 16, 2023 Updated 3 years ago
- Security event correlation engine for ELK stack ☆445 Jun 26, 2024 Updated last year
- A test case runner for Sigma rules ☆14 Aug 14, 2024 Updated last year
- ☆21 May 19, 2016 Updated 9 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques ☆416 Nov 8, 2025 Updated 4 months ago
- Threat Detection Rules (Snort/Sigma/Yara) ☆14 Jan 23, 2024 Updated 2 years ago
- ☆28 Nov 25, 2025 Updated 4 months ago
- Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma) ☆15 Feb 1, 2021 Updated 5 years ago
- simple webapp for converting sigma rules into siem queries using the pySigma library ☆50 Sep 1, 2023 Updated 2 years ago
- Snort_rules detection bad actors. ☆29 Aug 18, 2024 Updated last year
- Threat Detection System using Hybrid (Machine Learning + Lexical Analysis) learning Approach. ☆11 May 30, 2017 Updated 8 years ago
- Meer is a "spooler" for Suricata / Sagan. ☆30 Jun 21, 2023 Updated 2 years ago
- A repository to share contributions related to TheHive Project ☆22 Sep 15, 2021 Updated 4 years ago
- Files and guides related to using Elasticstack as a SIEM ☆12 May 16, 2020 Updated 5 years ago
- Old home of LimaCharlie, open source EDR ☆32 Sep 4, 2023 Updated 2 years ago
- Collection of example YARA-L rules for use within Google Security Operations ☆480 Dec 5, 2025 Updated 3 months ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆68 Apr 29, 2024 Updated last year
- Assist analysts and threat hunters to understand Windows authentication logs and to analyze brute-force scenarios. ☆21 Jul 1, 2023 Updated 2 years ago