certeu/droid

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/certeu/droid)

certeu / droid

A pySigma wrapper to manage detection rules.

☆45

Alternatives and similar repositories for droid

Users that are interested in droid are comparing it to the libraries listed below

Sorting:

CERT-Polska / training-mwdb
View on GitHub
MWDB exercises
☆20Jan 21, 2025Updated last year
NextronSystems / iocs
View on GitHub
Indicators of compromise from to analysis and research by Nextron Threat Research team
☆12Sep 17, 2025Updated 5 months ago
CD-R0M / YARA
View on GitHub
Hundred Days of Yara Challenge
☆12Jun 21, 2022Updated 3 years ago
Geekmaster-General / IOCs
View on GitHub
Storage for the IOCs I collect
☆11Mar 26, 2025Updated 11 months ago
eCrimeLabs / cratos-fastapi
View on GitHub
The CRATOS proxy API integrates with your MISP instance and allows to extract indicators that can be consumed by security components such…
☆13Sep 21, 2025Updated 5 months ago
conexioninversa / WOPR
View on GitHub
Globally distributed honeypots and HoneyNets IOCs and file reversing
☆16Apr 22, 2024Updated last year
magicsword-io / sigconverter.io
View on GitHub
An opensource sigma conversion tool built using pysigma
☆160Feb 9, 2026Updated 2 weeks ago
austinsonger / Elastic-Security
View on GitHub
Repo for Automations and other solutions for Elastic SIEM/Security.
☆18Jun 15, 2021Updated 4 years ago
AttackIQ / pySigma-backend-kusto
View on GitHub
☆44Nov 28, 2025Updated 3 months ago
cudeso / misp-tip-of-the-week
View on GitHub
A collection of tips for using MISP.
☆76Dec 11, 2024Updated last year
c3rb3ru5d3d53c / reworkshop
View on GitHub
API Hashing and String Decryption Reverse Engineering Workshop
☆20Jul 26, 2023Updated 2 years ago
DissectMalware / MDIExtractor
View on GitHub
☆15Nov 25, 2021Updated 4 years ago
Immersive-Labs-Sec / volatility_plugins
View on GitHub
Volatility 3 Plugins
☆21Oct 3, 2022Updated 3 years ago
AttackIQ / SigmAIQ
View on GitHub
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
☆92Nov 3, 2025Updated 3 months ago
Velocidex / pyvelociraptor
View on GitHub
PyVelociraptor contains the python bindings for the Velociraptor API.
☆21Feb 11, 2026Updated 2 weeks ago
malpedia / malpedia-flossed
View on GitHub
FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.
☆72Jan 6, 2026Updated last month
mgreen27 / mcp-velociraptor
View on GitHub
VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.
☆70Aug 20, 2025Updated 6 months ago
Yamato-Security / hayabusa-sample-evtx
View on GitHub
Sample evtx files to use for testing hayabusa detection rules
☆65Nov 5, 2025Updated 3 months ago
mattkeeler / ansible-nutanix-inventory
View on GitHub
A dynamic inventory script for Ansible that interacts with the Nutanix API
☆27Feb 10, 2017Updated 9 years ago
adulau / pdns-qof
View on GitHub
Passive DNS Common Output Format
☆37Aug 30, 2024Updated last year
binalyze / tigma
View on GitHub
Sigma Engine implementation in TypeScript
☆28Mar 5, 2023Updated 2 years ago
mgreen27 / DetectRaptor
View on GitHub
A repository to share publicly available Velociraptor detection content
☆196Updated this week
tenzir / threatbus
View on GitHub
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
☆269Mar 17, 2023Updated 2 years ago
Gaffx / volatility-mcp
View on GitHub
This repo hosts an MCP server for volatility3.x
☆39Jul 9, 2025Updated 7 months ago
theflakes / sigma_to_wazuh
View on GitHub
Convert Sigma rules to Wazuh rules
☆74Sep 13, 2025Updated 5 months ago
Yamato-Security / EnableWindowsLogSettings
View on GitHub
Documentation and scripts to properly enable Windows event logs.
☆672Oct 3, 2025Updated 4 months ago
mdecrevoisier / SIGMA-detection-rules
View on GitHub
Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
☆413Nov 8, 2025Updated 3 months ago
FrankMcGovern / Hidden-Vendor-Security-Advisories
View on GitHub
This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…
☆32May 11, 2024Updated last year
cudeso / dfir-iris-misp-timesketch
View on GitHub
Scripts to integrate DFIR-IRIS, MISP and TimeSketch
☆35Feb 2, 2022Updated 4 years ago
joesecurity / sigma-rules
View on GitHub
Sigma rules from Joe Security
☆232Nov 4, 2024Updated last year
0xAnalyst / DefenderATPQueries
View on GitHub
Hunting Queries for Defender ATP
☆83Dec 14, 2025Updated 2 months ago
socprime / Uncoder_IO
View on GitHub
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
☆177Dec 2, 2025Updated 2 months ago
FalconForceTeam / KQLAnalyzer
View on GitHub
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
☆51Sep 22, 2025Updated 5 months ago
biffalo / easy-wins-endpoint-defense
View on GitHub
Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…
☆38Apr 5, 2024Updated last year
github / KustoSchemaToolsAction
View on GitHub
This repository wraps the KustoSchemaTools into a CLI tool inside a container. This way it can be used as GitHub Action
☆11Oct 21, 2025Updated 4 months ago
northsh / detection.studio
View on GitHub
Convert Sigma rules to SIEM queries, directly in your browser.
☆111Jan 24, 2026Updated last month
mdecrevoisier / EVTX-to-MITRE-Attack
View on GitHub
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
☆612Dec 8, 2025Updated 2 months ago
cert-lv / graphoscope
View on GitHub
Graphoscope is a solution to access multiple independent data sources from a common UI and show data relations as a graph
☆41Sep 25, 2025Updated 5 months ago
SigmaHQ / sigma-cli
View on GitHub
The Sigma command line interface based on pySigma
☆177Feb 5, 2026Updated 3 weeks ago