Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
☆1,181 · Apr 30, 2026 · Updated this week
Alternatives and similar repositories for awesome-detection-engineering
Users that are interested in awesome-detection-engineering are comparing it to the repositories listed below.
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆291 · Feb 5, 2024 · Updated 2 years ago
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ ☆4,580 · Jan 5, 2026 · Updated 4 months ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆61 · Mar 12, 2022 · Updated 4 years ago
- Splunk Security Content ☆1,620 · Updated this week
- A framework for developing alerting and detection strategies for incident response. ☆870 · Sep 8, 2025 · Updated 7 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆812 · Jan 14, 2026 · Updated 3 months ago
- A repository of my own Sigma detection rules. ☆165 · Nov 25, 2025 · Updated 5 months ago
- ☆2,563 · Updated this week
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… ☆1,687 · Apr 13, 2026 · Updated 3 weeks ago
- Main Sigma Rule Repository ☆10,386 · Updated this week
- This is a collection of threat detection rules / rules engines that I have come across. ☆298 · May 5, 2024 · Updated last year
- Detect Tactics, Techniques & Combat Threats ☆2,286 · Updated this week
- Granular, Actionable Adversary Emulation for the Cloud ☆2,304 · Updated this week
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int… ☆2,478 · Apr 26, 2026 · Updated last week
- ☆99 · Sep 16, 2022 · Updated 3 years ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,541 · Jan 12, 2026 · Updated 3 months ago
- A repository of curated datasets from various attacks ☆764 · Updated this week
- Built-in Panther detection rules and policies ☆448 · Updated this week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆341 · Apr 26, 2026 · Updated last week
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise ☆69 · Apr 29, 2024 · Updated 2 years ago
- Mapping of open-source detection rules and atomic tests. ☆209 · Feb 16, 2026 · Updated 2 months ago
- Collection of example YARA-L rules for use within Google Security Operations ☆489 · Apr 20, 2026 · Updated 2 weeks ago
- Resources To Learn And Understand SIGMA Rules ☆185 · Feb 14, 2023 · Updated 3 years ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,951 · Apr 28, 2026 · Updated last week
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆655 · Aug 4, 2025 · Updated 9 months ago
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS ☆1,670 · Jan 8, 2025 · Updated last year
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆647 · Jun 19, 2024 · Updated last year
- A curated knowledge base to build, run and mature a SOC (including CSIRT). ☆1,719 · Updated this week
- Pocket guide for core detection engineering concepts ☆31 · May 8, 2023 · Updated 2 years ago
- Anvilogic Forge ☆118 · Mar 31, 2026 · Updated last month
- A curated list of resources about detecting threats and defending Kubernetes systems. ☆408 · Sep 2, 2023 · Updated 2 years ago
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. ☆2,096 · May 28, 2025 · Updated 11 months ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆223 · Sep 4, 2024 · Updated last year
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… ☆536 · Feb 25, 2026 · Updated 2 months ago
- Hunting queries and detections ☆901 · Oct 30, 2025 · Updated 6 months ago
- Awesome Security lists for SOC/CERT/CTI ☆1,437 · Updated this week
- Automate the creation of a lab environment complete with security tooling and logging best practices ☆4,954 · Jul 6, 2024 · Updated last year
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel… ☆738 · Updated this week
- A curated list of tools for incident response ☆9,009 · Jul 18, 2024 · Updated last year