edelucia / rules
Cyber Threats Detection Rules
☆13, updated last month
Related projects
Alternatives and complementary repositories for rules
- Incident response teams usually work on offline data: collecting the evidence, then analyzing it (☆44, updated 2 years ago)
- Library of threat hunts to get any user started! (☆40, updated 4 years ago)
- Threat Box Assessment Tool (☆19, updated 3 years ago)
- Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop (☆56, updated 3 weeks ago)
- Hunt malware with Volatility (☆47, updated 6 months ago)
- BlueSploit is a DFIR framework whose main purpose is to quickly capture artifacts for later review (☆32, updated 4 years ago)
- Automated detection rule analysis utility (☆29, updated 2 years ago)
- Repository for the SPEED SIEM Use Case Framework (☆52, updated 4 years ago)
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" JSON files (☆34, updated 2 years ago)
- Repository with sample threat hunting notebooks on Security Event Log data sources (☆58, updated last year)
- Searches for insider threat hunting (☆30, updated 5 years ago)
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab (☆20, updated 3 years ago)
- A home for detection content developed by the delivr.to team (☆59, updated 2 months ago)
- Sigma detection rules for hunting with the threathunting-keywords project (☆47, updated last week)
- A script to create SOP tasks and assign them to cases (☆18, updated 4 years ago)
- Threat Hunter's Knowledge Base (☆21, updated 2 years ago)
- My MSTICpy practice and custom tools repository (☆11, updated this week)
- Automatic detection engineering technical state compliance (☆50, updated 4 months ago)
- A collection of Sigma rules organized by MITRE ATT&CK technique (☆15, updated 3 years ago)
- Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Thre… (☆15, updated last year)
- CSIRT Jump Bag (☆27, updated 6 months ago)
- Cumulonimbus-UAL_Extractor is a PowerShell-based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… (☆17, updated last year)
- Rewrite of AChoir in Go for cross-platform use (☆34, updated 3 weeks ago)
- Random notes collected on the intertubes relating to DFIR (☆32, updated last year)
- High-level Threat Intelligence playbooks (☆16, updated 3 years ago)
- Random tips and tricks re: ransomware (☆14, updated 3 years ago)
- Simple web app for converting Sigma rules into SIEM queries using the pySigma library (☆47, updated last year)