reversinglabs/reversinglabs-siem-rules external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

reversinglabs/reversinglabs-siem-rules

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/reversinglabs/reversinglabs-siem-rules)

Close

reversinglabs / reversinglabs-siem-rulesView on GitHubMore

• External links
• Readme badge

A collection of various SIEM rules relating to malware family groups.

☆69Jun 18, 2024Updated last year

Alternatives and similar repositories for reversinglabs-siem-rules

Users that are interested in reversinglabs-siem-rules are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• stefanpems / sentinel-utilities

  View on GitHub
  Utilities for Microsoft Sentinel
  ☆20Dec 7, 2025Updated 3 months ago
• Truvis / Sentinel

  View on GitHub
  ☆30May 1, 2025Updated 10 months ago
• lawndoc / AdvancedHuntingQueries

  View on GitHub
  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
  ☆133Feb 10, 2026Updated last month
• LearningKijo / KQL

  View on GitHub
  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
  ☆487Nov 22, 2024Updated last year
• cyb3rmik3 / KQL-threat-hunting-queries

  View on GitHub
  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…
  ☆762Aug 28, 2025Updated 7 months ago
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• Cyb3r-Monk / Threat-Hunting-and-Detection

  View on GitHub
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆807Jan 14, 2026Updated 2 months ago
• h0ffayyy / MicrosoftSentinelStuff

  View on GitHub
  Misc. content for Microsoft Sentinel
  ☆17Apr 12, 2024Updated last year
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• CyberSift / OSQUERY-PACKS

  View on GitHub
  Osquery Packs we use for customer security hardening
  ☆12Jun 30, 2025Updated 8 months ago
• cyb3rmik3 / MDE-DFIR-Resources

  View on GitHub
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆454Feb 18, 2026Updated last month
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆135Mar 18, 2026Updated last week
• ml58158 / Demystifying-KQL

  View on GitHub
  Content Repo for Demystifying KQL Tutorial Series
  ☆73Sep 1, 2024Updated last year
• The-DFIR-Report / Suricata-Rules

  View on GitHub
  ☆11Jun 12, 2023Updated 2 years ago
• blackhatethicalhacking / HUNT

  View on GitHub
  ☆12Aug 21, 2020Updated 5 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 3 years ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,671Updated this week
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆67Feb 24, 2026Updated last month
• chandrasekarrathinam / infosec

  View on GitHub
  Cyber | Cloud Security Checklist | Incident Response | Policy Template | Use cases
  ☆13Nov 24, 2020Updated 5 years ago
• FalconForceTeam / FalconFriday

  View on GitHub
  Hunting queries and detections
  ☆891Oct 30, 2025Updated 4 months ago
• briandelmsft / SentinelAutomationModules

  View on GitHub
  The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
  ☆277Jan 2, 2026Updated 2 months ago
• Bert-JanP / Sentinel-Automation

  View on GitHub
  Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.
  ☆116Jan 18, 2026Updated 2 months ago
• markolauren / sentinel

  View on GitHub
  ☆67Mar 9, 2026Updated 2 weeks ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆140Updated this week
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• wagga40 / Mitre2Datatables

  View on GitHub
  Bring Your Own Mitre Att&ck © Matrix !
  ☆13Oct 19, 2023Updated 2 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆471Jul 28, 2025Updated 8 months ago
• m4nbat / KustQueryLanguage_kql

  View on GitHub
  Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting
  ☆68Dec 7, 2025Updated 3 months ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 6 months ago
• NVISOsecurity / SEC599-Resources

  View on GitHub
  ☆23Jan 2, 2023Updated 3 years ago
• huntresslabs / threat-intel

  View on GitHub
  This repository contains supplemental items including IOCs, and signatures discussed in Huntress blogposts, and other media.
  ☆47Feb 27, 2026Updated last month
• GabrielDuschl / SmartSpray

  View on GitHub
  A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…
  ☆17Jan 28, 2026Updated 2 months ago
• Cloud-Architekt / AzureSentinel

  View on GitHub
  Sharing my KQL queries for Azure Sentinel
  ☆208Feb 9, 2026Updated last month
• temp43487580 / BAADTokenBroker

  View on GitHub
  BAADTokenBroker is a post-exploitation tool designed to interact with Microsoft Entra ID device-bound keys.
  ☆63Mar 11, 2026Updated 2 weeks ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• mdecrevoisier / SIGMA-detection-rules

  View on GitHub
  Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
  ☆417Nov 8, 2025Updated 4 months ago
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆297May 5, 2024Updated last year
• eshlomo1 / MS-Defender-4-xOPS

  View on GitHub
  ☆17Jul 20, 2024Updated last year
• curated-intel / The-CTI-Research-Guide

  View on GitHub
  A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
  ☆117Oct 29, 2024Updated last year
• KostasKoutrou / KQL

  View on GitHub
  KQL Queries for Advanced Hunting / Log Analytics
  ☆13Jan 29, 2026Updated 2 months ago
• RussianPanda95 / Yara-Rules

  View on GitHub
  Repository of Yara Rules
  ☆141Mar 16, 2026Updated last week