Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
☆1,201 · May 16, 2026 · Updated last week
Alternatives and similar repositories for awesome-detection-engineering
Users that are interested in awesome-detection-engineering are comparing it to the libraries listed below.
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … · ☆292 · Feb 5, 2024 · Updated 2 years ago
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ · ☆4,598 · Jan 5, 2026 · Updated 4 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. · ☆61 · Mar 12, 2022 · Updated 4 years ago
- Splunk Security Content · ☆1,628 · Updated this week
- A framework for developing alerting and detection strategies for incident response. · ☆875 · Sep 8, 2025 · Updated 8 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆814 · Jan 14, 2026 · Updated 4 months ago
- A repository of my own Sigma detection rules. · ☆165 · Nov 25, 2025 · Updated 5 months ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… · ☆1,694 · May 10, 2026 · Updated 2 weeks ago
- Main Sigma Rule Repository · ☆10,451 · May 15, 2026 · Updated last week
- This is a collection of threat detection rules / rules engines that I have come across. · ☆300 · May 5, 2024 · Updated 2 years ago
- Detect Tactics, Techniques & Combat Threats · ☆2,292 · Apr 29, 2026 · Updated 3 weeks ago
- Granular, Actionable Adversary Emulation for the Cloud · ☆2,326 · Updated this week
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int… · ☆2,495 · May 9, 2026 · Updated 2 weeks ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… · ☆4,559 · Jan 12, 2026 · Updated 4 months ago
- A repository of curated datasets from various attacks · ☆771 · Updated this week
- Built-in Panther detection rules and policies · ☆452 · Updated this week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. · ☆339 · May 7, 2026 · Updated 2 weeks ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise · ☆69 · Apr 29, 2024 · Updated 2 years ago
- Mapping of open-source detection rules and atomic tests. · ☆211 · Feb 16, 2026 · Updated 3 months ago
- Collection of example YARA-L rules for use within Google Security Operations · ☆491 · May 18, 2026 · Updated last week
- This project aims to compare and evaluate the telemetry of various EDR products. · ☆1,951 · May 14, 2026 · Updated last week
- Resources To Learn And Understand SIGMA Rules · ☆185 · Feb 14, 2023 · Updated 3 years ago
- Awesome list of keywords and artifacts for Threat Hunting sessions · ☆655 · Aug 4, 2025 · Updated 9 months ago
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS · ☆1,672 · Jan 8, 2025 · Updated last year
- Pocket guide for core detection engineering concepts · ☆31 · May 8, 2023 · Updated 3 years ago
- A curated knowledge base to build, run and mature a SOC (including CSIRT). · ☆1,731 · May 18, 2026 · Updated last week
- Collection of Event ID resources useful for Digital Forensics and Incident Response · ☆652 · Jun 19, 2024 · Updated last year
- Anvilogic Forge · ☆119 · Mar 31, 2026 · Updated last month
- A curated list of resources about detecting threats and defending Kubernetes systems. · ☆407 · Sep 2, 2023 · Updated 2 years ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) · ☆223 · Sep 4, 2024 · Updated last year
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. · ☆2,106 · May 28, 2025 · Updated 11 months ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… · ☆538 · Apr 30, 2026 · Updated 3 weeks ago
- Hunting queries and detections · ☆907 · May 7, 2026 · Updated 2 weeks ago
- Automate the creation of a lab environment complete with security tooling and logging best practices · ☆4,962 · Jul 6, 2024 · Updated last year
- Awesome Security lists for SOC/CERT/CTI · ☆1,462 · Updated this week
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel… · ☆739 · May 15, 2026 · Updated last week
- A curated list of tools for incident response · ☆9,039 · May 6, 2026 · Updated 2 weeks ago
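The detective controls defined at the top of the page, and the Detection-as-Code, Sigma and rule-testing entries in the list above, as an added example that is not code from awesome-detection-engineering, the Sigma project, Threatest or any listed repository: a Sigma-style rule side by side with the unit tests a CI pipeline would run before the rule is compiled for a backend. The rule, the hypothetical CcmExec.exe false-positive filter, the constructed process-creation events and the evaluator are all assumptions for illustration; the evaluator covers only a small subset of Sigma's detection syntax and is not the real compiler (pySigma/sigmac).

```python
"""Detection-as-code in miniature: a Sigma-style rule, an evaluator for a
small subset of Sigma's detection syntax, and the unit tests a CI job would
run against the rule before merging it.

Added example for this page; not code from awesome-detection-engineering,
Sigma, or any listed repository. Supported syntax: selection maps (entries
ANDed), list values (ORed), the |contains / |startswith / |endswith
modifiers, and conditions of the form 'a and b and not c'.
"""


# Constructed rule, written as the dict PyYAML would produce so the block runs
# without a YAML dependency. Encoded PowerShell is a widely documented
# technique; the CcmExec.exe (SCCM) filter is a hypothetical FP exclusion.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand ", " -ec "],
        },
        "filter_sccm": {
            "ParentImage|endswith": "\\CCM\\CcmExec.exe",
        },
        "condition": "selection and not filter_sccm",
    },
    "level": "medium",
}


def _field_matches(spec: str, event: dict, expected) -> bool:
    """One 'Field|modifier: value(s)' entry. List values are ORed; matching is
    case-insensitive as in Sigma; an event lacking the field never matches."""
    field, _, modifier = spec.partition("|")
    if field not in event:
        return False
    actual = str(event[field]).lower()
    for value in (expected if isinstance(expected, list) else [expected]):
        value = str(value).lower()
        if ((modifier == "" and actual == value)
                or (modifier == "contains" and value in actual)
                or (modifier == "startswith" and actual.startswith(value))
                or (modifier == "endswith" and actual.endswith(value))):
            return True
    return False


def _search_matches(search: dict, event: dict) -> bool:
    """Every entry of a selection/filter map must match (AND)."""
    return all(_field_matches(spec, event, exp) for spec, exp in search.items())


def evaluate(rule: dict, event: dict) -> bool:
    """True if the event satisfies the rule's condition.
    Supported grammar: identifier ('and' ['not'] identifier)*."""
    det = rule["detection"]
    for clause in det["condition"].split(" and "):
        clause = clause.strip()
        negate = clause.startswith("not ")
        name = clause[4:].strip() if negate else clause
        if name == "condition" or name not in det:
            raise ValueError(f"condition references unknown search {name!r}")
        # A positive clause fails when the search misses; a negated clause
        # fails when the search hits. Both cases are 'hit == negate'.
        if _search_matches(det[name], event) == negate:
            return False
    return True


def alerts(rule: dict, events: list) -> list:
    """Indices of the events that fire the rule (what a backend would surface)."""
    return [i for i, ev in enumerate(events) if evaluate(rule, ev)]


def run_rule_tests(rule: dict, cases: list) -> list:
    """Detection-as-code unit test: each case is (event, expected_hit).
    Returns the failing cases; an empty list means the rule may be merged."""
    return [(ev, want) for ev, want in cases if evaluate(rule, ev) != want]


# Constructed process_creation events, not real telemetry.
TEST_CASES = [
    ({"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
      "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
      "ParentImage": "C:\\Windows\\System32\\cmd.exe"}, True),       # true positive
    ({"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
      "CommandLine": "pwsh.exe -EncodedCommand UwB0AGEAcgB0AC0AUwBsAGUA",
      "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"}, False),       # excluded by filter
    ({"Image": "C:\\Windows\\System32\\notepad.exe",
      "CommandLine": "notepad.exe -enc file.txt",
      "ParentImage": "C:\\Windows\\explorer.exe"}, False),           # wrong image
    ({"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
      "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
      "ParentImage": "C:\\Windows\\System32\\svchost.exe"}, False),  # benign use
]

if __name__ == "__main__":
    failures = run_rule_tests(RULE, TEST_CASES)
    print("rule tests:", "PASS" if not failures else f"FAIL {failures}")
    print("alerting events:", alerts(RULE, [ev for ev, _ in TEST_CASES]))
```

The negative cases carry as much weight as the true positive: the SCCM exclusion and the benign `-File` invocation are what keep the rule from paging on every scheduled PowerShell job, and a pipeline that only asserts on the attack sample will happily merge a rule that fires on the whole fleet. Two caveats a practitioner would add: a parent-image exclusion is bypassable by parent-PID spoofing, so keep such filters as narrow as the telemetry allows, and `-ec ` / ` -e ` style short forms are both noisy and incomplete (PowerShell accepts any unambiguous prefix of `-EncodedCommand`), so the selection list above is a starting point to tune against your own baseline, not a finished rule.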