Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
☆1,142 · Dec 19, 2025 · Updated 2 months ago
Alternatives and similar repositories for awesome-detection-engineering
Users that are interested in awesome-detection-engineering are comparing it to the libraries listed below
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆289 · Feb 5, 2024 · Updated 2 years ago
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ ☆4,517 · Jan 5, 2026 · Updated 2 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆60 · Mar 12, 2022 · Updated 3 years ago
- Splunk Security Content ☆1,576 · Feb 26, 2026 · Updated last week
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆804 · Jan 14, 2026 · Updated last month
- A framework for developing alerting and detection strategies for incident response. ☆841 · Sep 8, 2025 · Updated 5 months ago
- A repository of my own Sigma detection rules. ☆163 · Nov 25, 2025 · Updated 3 months ago
- ☆2,510 · Updated this week
- This is a collection of threat detection rules / rules engines that I have come across. ☆296 · May 5, 2024 · Updated last year
- Main Sigma Rule Repository ☆10,156 · Updated this week
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… ☆1,638 · Feb 22, 2026 · Updated last week
- Detect Tactics, Techniques & Combat Threats ☆2,264 · Jan 21, 2026 · Updated last month
- Collection of example YARA-L rules for use within Google Security Operations ☆473 · Dec 5, 2025 · Updated 2 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,486 · Jan 12, 2026 · Updated last month
- Granular, Actionable Adversary Emulation for the Cloud ☆2,267 · Updated this week
- A repository of curated datasets from various attacks ☆726 · Updated this week
- Mapping of open-source detection rules and atomic tests. ☆202 · Feb 16, 2026 · Updated 2 weeks ago
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int… ☆2,445 · Feb 24, 2026 · Updated last week
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆68 · Apr 29, 2024 · Updated last year
- Built-in Panther detection rules and policies ☆439 · Updated this week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆338 · Feb 13, 2026 · Updated 2 weeks ago
- A collection of sources of documentation, as well as field best practices, to build/run a SOC ☆1,635 · Feb 23, 2026 · Updated last week
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆641 · Aug 4, 2025 · Updated 7 months ago
- ☆99 · Sep 16, 2022 · Updated 3 years ago
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. ☆2,072 · May 28, 2025 · Updated 9 months ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,930 · Jan 20, 2026 · Updated last month
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆644 · Jun 19, 2024 · Updated last year
- Hunting queries and detections ☆884 · Oct 30, 2025 · Updated 4 months ago
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS ☆1,658 · Jan 8, 2025 · Updated last year
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel… ☆719 · Nov 14, 2025 · Updated 3 months ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… ☆520 · Feb 25, 2026 · Updated last week
- Elastic Security detection content for Endpoint ☆1,380 · Feb 26, 2026 · Updated last week
- Automate the creation of a lab environment complete with security tooling and logging best practices ☆4,908 · Jul 6, 2024 · Updated last year
- Re-play Security Events ☆1,725 · Mar 20, 2024 · Updated last year
- A curated list of tools for incident response ☆8,842 · Jul 18, 2024 · Updated last year
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆224 · Sep 4, 2024 · Updated last year
- A curated list of resources about detecting threats and defending Kubernetes systems. ☆402 · Sep 2, 2023 · Updated 2 years ago
- Resources To Learn And Understand SIGMA Rules ☆183 · Feb 14, 2023 · Updated 3 years ago
- Awesome Security lists for SOC/CERT/CTI ☆1,263 · Updated this week