Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
☆1,155 · Dec 19, 2025 · updated 3 months ago
Alternatives and similar repositories for awesome-detection-engineering
Users that are interested in awesome-detection-engineering are comparing it to the libraries listed below.
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … (☆290, Feb 5, 2024, updated 2 years ago)
- ✨ A curated list of awesome threat detection and hunting resources 🕵️♂️ (☆4,541, Jan 5, 2026, updated 2 months ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆60, Mar 12, 2022, updated 4 years ago)
- Splunk Security Content (☆1,589, updated this week)
- A framework for developing alerting and detection strategies for incident response. (☆852, Sep 8, 2025, updated 6 months ago)
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). (☆806, Jan 14, 2026, updated 2 months ago)
- A repository of my own Sigma detection rules. (☆164, Nov 25, 2025, updated 3 months ago)
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… (☆1,661, Mar 9, 2026, updated 2 weeks ago)
- Main Sigma Rule Repository (☆10,224, updated this week)
- This is a collection of threat detection rules / rules engines that I have come across. (☆297, May 5, 2024, updated last year)
- Detect Tactics, Techniques & Combat Threats (☆2,269, Jan 21, 2026, updated 2 months ago)
- Granular, Actionable Adversary Emulation for the Cloud (☆2,283, Mar 12, 2026, updated last week)
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int… (☆2,460, updated this week)
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… (☆4,501, Jan 12, 2026, updated 2 months ago)
- A repository of curated datasets from various attacks (☆746, Mar 18, 2026, updated last week)
- Built-in Panther detection rules and policies (☆441, updated this week)
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. (☆339, Mar 17, 2026, updated last week)
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise (☆68, Apr 29, 2024, updated last year)
- Mapping of open-source detection rules and atomic tests. (☆204, Feb 16, 2026, updated last month)
- Collection of example YARA-L rules for use within Google Security Operations (☆480, Dec 5, 2025, updated 3 months ago)
- Resources To Learn And Understand SIGMA Rules (☆183, Feb 14, 2023, updated 3 years ago)
- Awesome list of keywords and artifacts for Threat Hunting sessions (☆648, Aug 4, 2025, updated 7 months ago)
- Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS (☆1,662, Jan 8, 2025, updated last year)
- Collection of Event ID resources useful for Digital Forensics and Incident Response (☆644, Jun 19, 2024, updated last year)
- A curated knowledge base to build, run and mature a SOC (including CSIRT). (☆1,679, updated this week)
- Pocket guide for core detection engineering concepts (☆31, May 8, 2023, updated 2 years ago)
- Anvilogic Forge (☆116, Sep 18, 2025, updated 6 months ago)
- This project aims to compare and evaluate the telemetry of various EDR products. (☆1,934, Jan 20, 2026, updated 2 months ago)
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… (☆526, Feb 25, 2026, updated last month)
- A curated list of resources about detecting threats and defending Kubernetes systems. (☆407, Sep 2, 2023, updated 2 years ago)
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. (☆2,081, May 28, 2025, updated 9 months ago)
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) (☆223, Sep 4, 2024, updated last year)
- Automate the creation of a lab environment complete with security tooling and logging best practices (☆4,921, Jul 6, 2024, updated last year)
- Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by devel… (☆722, Nov 14, 2025, updated 4 months ago)
- Hunting queries and detections (☆891, Oct 30, 2025, updated 4 months ago)
- Elastic Security detection content for Endpoint (☆1,389, Mar 16, 2026, updated last week)
- AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE… (☆1,206, Dec 29, 2025, updated 2 months ago)