Alternatives and similar repositories for ThreatHunting-Keywords-sigma-rules

Users that are interested in ThreatHunting-Keywords-sigma-rules are comparing it to the libraries listed below

• mthcht / ThreatHunting-Keywords-yara-rules

  View on GitHub
  yara detection rules for hunting with the threathunting-keywords project
  ☆157May 11, 2025Updated 9 months ago
• nasbench / Misc-Research

  View on GitHub
  A collection of tools, scripts and personal research
  ☆155Feb 2, 2026Updated last week
• NextronSystems / evtx-baseline

  View on GitHub
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆86Dec 17, 2025Updated last month
• mthcht / Purpleteam

  View on GitHub
  Purpleteam scripts simulation & Detection - trigger events for SOC detections
  ☆192Dec 20, 2024Updated last year
• NextronSystems / iocs

  View on GitHub
  Indicators of compromise from to analysis and research by Nextron Threat Research team
  ☆12Sep 17, 2025Updated 4 months ago
• mdecrevoisier / SIGMA-detection-rules

  View on GitHub
  Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
  ☆412Nov 8, 2025Updated 3 months ago
• Cluster25 / detection

  View on GitHub
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆14Jan 23, 2024Updated 2 years ago
• Yamato-Security / sigma-to-hayabusa-converter

  View on GitHub
  Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.
  ☆16Oct 22, 2025Updated 3 months ago
• wagga40 / Zircolite-Rules

  View on GitHub
  Sigma rules converted for direct use with Zircolite
  ☆14Updated this week
• frack113 / sigma_redcanaryco

  View on GitHub
  Knowing which rule should trigger according to the redcannary test
  ☆11Nov 23, 2024Updated last year
• mbabinski / Sigma-Rules

  View on GitHub
  A repository of my own Sigma detection rules.
  ☆163Nov 25, 2025Updated 2 months ago
• Sam0x90 / CB-Threat-Hunting

  View on GitHub
  CarbonBlack EDR detection rules and response actions
  ☆73Sep 10, 2024Updated last year
• Cyb3r-Monk / Threat-Hunting-and-Detection

  View on GitHub
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆801Jan 14, 2026Updated last month
• joeavanzato / velociraptor-timeline-creator

  View on GitHub
  VTC - Velociraptor Timeline Creator
  ☆19May 15, 2024Updated last year
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆17Jan 29, 2026Updated 2 weeks ago
• cybergoatpsyops / detections

  View on GitHub
  Placeholder for my detection repo and misc detection engineering content
  ☆42Oct 20, 2023Updated 2 years ago
• cyb3rmik3 / Hunting-Lists

  View on GitHub
  A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
  ☆33Jul 23, 2024Updated last year
• SigmaHQ / legacy-sigmatools

  View on GitHub
  Legacy Sigma Tools (sigmac etc.)
  ☆15May 7, 2023Updated 2 years ago
• weslambert / velocistack

  View on GitHub
  ☆54May 14, 2024Updated last year
• mgreen27 / DetectRaptor

  View on GitHub
  A repository to share publicly available Velociraptor detection content
  ☆196Feb 8, 2026Updated last week
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 2 months ago
• magicsword-io / sigconverter.io

  View on GitHub
  An opensource sigma conversion tool built using pysigma
  ☆158Updated this week
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• JouniMi / TheDFIRThing

  View on GitHub
  ☆22Aug 29, 2024Updated last year
• sk4la / volatility3-docker

  View on GitHub
  Volatility, on Docker 🐳
  ☆41Nov 20, 2025Updated 2 months ago
• tsale / Sigma_rules

  View on GitHub
  Sigma rules to share with the community
  ☆124Jan 29, 2025Updated last year
• ThreatLabz / iocs

  View on GitHub
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆79Jan 26, 2026Updated 2 weeks ago
• JouniMi / Threathunt.blog

  View on GitHub
  Queries from the blog posts.
  ☆15Oct 6, 2024Updated last year
• mthcht / ThreatIntel-Reports

  View on GitHub
  Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports
  ☆150Updated this week
• pe3zx / crowdstrike-falcon-queries

  View on GitHub
  A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon
  ☆214May 23, 2020Updated 5 years ago
• pe3zx / mthc

  View on GitHub
  All-in-one bundle of MISP, TheHive and Cortex
  ☆169Sep 27, 2022Updated 3 years ago
• alexverboon / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆194Dec 22, 2025Updated last month
• cyb3rmik3 / KQL-threat-hunting-queries

  View on GitHub
  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…
  ☆754Aug 28, 2025Updated 5 months ago
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆296May 5, 2024Updated last year
• mandiant / capa-testfiles

  View on GitHub
  Data to test capa's code and rules.
  ☆47Jan 28, 2026Updated 2 weeks ago
• ruppde / yara_rules

  View on GitHub
  Yara rules
  ☆22Mar 27, 2023Updated 2 years ago
• mthcht / awesome-lists

  View on GitHub
  Awesome Security lists for SOC/CERT/CTI
  ☆1,239Updated this week
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,634Updated this week
• malpedia / signator-rules

  View on GitHub
  Collection of rules created using YARA-Signator over Malpedia
  ☆142Jan 6, 2026Updated last month