An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
☆60 · Mar 12, 2022 · Updated 3 years ago
Alternatives and similar repositories for detection-as-code
Users that are interested in detection-as-code are comparing it to the libraries listed below
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise · ☆68 · Apr 29, 2024 · Updated last year
- A POC to implement Detection-as-Code with Terraform and Sumo Logic. · ☆31 · Jul 27, 2023 · Updated 2 years ago
- Threat Detection & Anomaly Detection rules for popular open-source components · ☆53 · Jul 27, 2022 · Updated 3 years ago
- Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) · ☆532 · Feb 15, 2026 · Updated last week
- [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects. · ☆12 · Feb 19, 2026 · Updated last week
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. · ☆14 · May 22, 2024 · Updated last year
- Collection of example YARA-L rules for use within Google Security Operations · ☆473 · Dec 5, 2025 · Updated 2 months ago
- This is a collection of threat detection rules / rules engines that I have come across. · ☆296 · May 5, 2024 · Updated last year
- Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours. · ☆16 · May 21, 2021 · Updated 4 years ago
- Short deep dive into Threat Hunting on AWS · ☆17 · Oct 15, 2023 · Updated 2 years ago
- (no description) · ☆11 · Feb 9, 2023 · Updated 3 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin… · ☆17 · Mar 10, 2023 · Updated 2 years ago
- Splunk Security Content · ☆1,575 · Updated this week
- Collection of Slides From My Conference Talks · ☆20 · Nov 21, 2022 · Updated 3 years ago
- Built-in Panther detection rules and policies · ☆439 · Updated this week
- simple webapp for converting sigma rules into siem queries using the pySigma library · ☆52 · Sep 1, 2023 · Updated 2 years ago
- (no description) · ☆15 · Jul 20, 2022 · Updated 3 years ago
- Resources To Learn And Understand SIGMA Rules · ☆183 · Feb 14, 2023 · Updated 3 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files. · ☆118 · Jan 22, 2026 · Updated last month
- Sigma rule specification · ☆172 · Feb 5, 2026 · Updated 3 weeks ago
- Sigma Detection Rule Repository · ☆92 · Jun 18, 2020 · Updated 5 years ago
- This is a python tool aiming to make using TheHive webhooks easier. · ☆28 · Oct 23, 2020 · Updated 5 years ago
- (no description) · ☆20 · Jan 12, 2022 · Updated 4 years ago
- Cybersecurity Ontology (CyberOnto) and Situational Awareness (CyberSA) help teamwork in Cyber Incident Responses, Control, Containment, a… · ☆10 · Sep 15, 2022 · Updated 3 years ago
- Automating Security Detection Engineering, published by Packt · ☆67 · Oct 12, 2024 · Updated last year
- Cleanup of older MISP events can require some work until now · ☆27 · Sep 13, 2025 · Updated 5 months ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques · ☆413 · Nov 8, 2025 · Updated 3 months ago
- Threat Hunting & Incident Investigation with Osquery · ☆216 · Mar 30, 2022 · Updated 3 years ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … · ☆289 · Feb 5, 2024 · Updated 2 years ago
- Collection of Dashboards for Threat Hunting and more! · ☆74 · Oct 17, 2020 · Updated 5 years ago
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me… · ☆14 · May 28, 2025 · Updated 9 months ago
- A GPT-based chatbot who knows the content of your Confluence wiki. · ☆14 · Apr 22, 2025 · Updated 10 months ago
- Some python scripts I wrote that help with various specialized AWS security things · ☆10 · Jan 15, 2020 · Updated 6 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp · ☆14 · Mar 11, 2022 · Updated 3 years ago
- Anvilogic Forge · ☆114 · Sep 18, 2025 · Updated 5 months ago
- (no description) · ☆11 · Dec 9, 2025 · Updated 2 months ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. · ☆133 · Feb 10, 2026 · Updated 2 weeks ago
- (no description) · ☆99 · Sep 16, 2022 · Updated 3 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆804 · Jan 14, 2026 · Updated last month