A collection of Sigma rules organized by MITRE ATT&CK technique
☆18Jul 26, 2021Updated 4 years ago
Alternatives and similar repositories for sigma-rules
Users that are interested in sigma-rules are comparing it to the libraries listed below
Sorting:
- ☆19Oct 23, 2020Updated 5 years ago
- Sigma Detection Rule Repository☆92Jun 18, 2020Updated 5 years ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.�☆15Jul 9, 2023Updated 2 years ago
- Sigma rules from Joe Security☆233Nov 4, 2024Updated last year
- A collection of pcaps☆16Jul 5, 2015Updated 10 years ago
- Alternative password shadowing scheme☆10Feb 22, 2026Updated last month
- ☆11Feb 9, 2023Updated 3 years ago
- OpenCSPM Community Controls☆14May 18, 2021Updated 4 years ago
- 🌌 Real-time threat detection for smart contracts☆10May 16, 2023Updated 2 years ago
- SIEM Detection Use Case Library mapped to MITRE ATT&CK tactics and techniques☆12Oct 28, 2018Updated 7 years ago
- SharpReg is a simple code set to interact with the Remote Registry service api and is compatible with Cobalt Strike.☆28Apr 12, 2020Updated 5 years ago
- Event Query Router☆12Aug 9, 2019Updated 6 years ago
- This directory contains random scripts from threat hunting or malware research☆11Feb 15, 2018Updated 8 years ago
- ☆36Nov 26, 2024Updated last year
- ☆33Apr 7, 2020Updated 5 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 9 months ago
- Continuous External Attack Surface Discovery & Vulnerability Scanning Across AWS Organizations — Python CDK☆13Mar 6, 2026Updated 2 weeks ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆17Jan 5, 2023Updated 3 years ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆50Apr 10, 2024Updated last year
- Legacy password hashing framework for PHP applications needing to support or having previously supported PHP below 5.5☆16Nov 22, 2024Updated last year
- Certipy in Docker☆13Mar 28, 2024Updated last year
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques☆416Nov 8, 2025Updated 4 months ago
- Generate representative samples from Pwned Passwords (HIBP)☆11Jan 6, 2022Updated 4 years ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆215Updated this week
- Command line tool for analyzing .json files generated by bloodhound.py or sharphound for use in Bloodhound.☆20Jan 12, 2019Updated 7 years ago
- Queries for Carbon Black Response☆11Feb 11, 2020Updated 6 years ago
- ☆13Mar 15, 2022Updated 4 years ago
- A triage data collection script for macOS☆29Nov 27, 2020Updated 5 years ago
- ☆21May 8, 2022Updated 3 years ago
- A simple linter for Sigma rules☆13Oct 22, 2020Updated 5 years ago
- Lifetime AMSI bypass.☆36Apr 21, 2025Updated 11 months ago
- ☆19Jun 16, 2021Updated 4 years ago
- AMSI Bypass for powershell☆30Apr 26, 2022Updated 3 years ago
- Test Suite for John the Ripper☆25Dec 28, 2025Updated 2 months ago
- Quick script to build host or investigation timelines using Carbon Black Response☆12Sep 25, 2018Updated 7 years ago
- Ejemplo mostrado en la charla de Vue+Django en el meetup de Vue.js 12/Sep/2017☆10Sep 13, 2017Updated 8 years ago
- Small container runtime for threat detection☆14Apr 13, 2025Updated 11 months ago
- Script to retrieve the list of AWS Services and their one-line descriptions☆37Dec 25, 2020Updated 5 years ago
- Cloud threat detection visualization from excalidraw☆12Apr 25, 2022Updated 3 years ago