Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages.
☆132 · Jul 19, 2024 · Updated last year
Alternatives and similar repositories for Roota
Users that are interested in Roota are comparing it to the libraries listed below.
- An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. ☆177 · Dec 2, 2025 · Updated 2 months ago
- [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects. ☆12 · Feb 19, 2026 · Updated last week
- A collection of scripts for the purpose of gathering open source intelligence, to be presented at GrayHat, BSides Denver, and Information… ☆25 · Feb 4, 2021 · Updated 5 years ago
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. ☆60 · Mar 12, 2022 · Updated 3 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques ☆413 · Nov 8, 2025 · Updated 3 months ago
- An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced sec… ☆208 · Apr 3, 2025 · Updated 10 months ago
- A repository of my own Sigma detection rules. ☆163 · Nov 25, 2025 · Updated 3 months ago
- Notes for High Availability MISP in AWS ☆19 · Nov 6, 2019 · Updated 6 years ago
- CDK app to set up an isolated AWS network to experiment with ways of exfiltrating data ☆18 · Nov 18, 2021 · Updated 4 years ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆302 · Updated this week
- Malware detonation platform Polygon integration ☆10 · Aug 1, 2023 · Updated 2 years ago
- This is a collection of threat detection rules / rules engines that I have come across. ☆296 · May 5, 2024 · Updated last year
- Threatest is a CLI and Go framework for end-to-end testing of threat detection rules. ☆338 · Feb 13, 2026 · Updated 2 weeks ago
- CocktailParty is a data broker system based on the Phoenix framework ☆23 · Apr 23, 2025 · Updated 10 months ago
- Repository for scripts and tips for "Yara Scan Service" ☆20 · Feb 19, 2023 · Updated 3 years ago
- Open Threat Hunting Framework ☆124 · May 26, 2023 · Updated 2 years ago
- Sigma Detection Rule Repository ☆92 · Jun 18, 2020 · Updated 5 years ago
- SigmaHQ pySigma CrowdStrike processing pipeline ☆27 · Nov 30, 2025 · Updated 3 months ago
- Sigma rules to share with the community ☆124 · Jan 29, 2025 · Updated last year
- Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains … ☆10 · Oct 17, 2023 · Updated 2 years ago
- AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE… ☆1,205 · Dec 29, 2025 · Updated 2 months ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆275 · May 10, 2025 · Updated 9 months ago
- The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs). ☆412 · Updated this week
- An open source platform to support analysts in organising their cases and tasks ☆126 · Updated this week
- A detailed list of potentially dangerous file extensions ☆18 · Jun 18, 2025 · Updated 8 months ago
- Anvilogic Forge ☆114 · Sep 18, 2025 · Updated 5 months ago
- Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and … ☆20 · Sep 2, 2025 · Updated 5 months ago
- The NSE Script plugin integrates with the Criminal IP CTI search engine for network scanning, showing IP details like WHOIS, running products… ☆15 · Nov 29, 2023 · Updated 2 years ago
- Recordization library ☆11 · Updated this week
- List of links and resources referred to in my SANS OSINT Summit 2024 Talk "OSINT On The Russian Internet" ☆11 · Feb 29, 2024 · Updated 2 years ago
- snake-core - the real snake ☆15 · Jul 11, 2023 · Updated 2 years ago
- Small and highly portable detection tests based on MITRE's ATT&CK. ☆10 · Feb 17, 2025 · Updated last year
- Terraform playbook of a vulnerable Azure deployment ☆10 · Apr 28, 2022 · Updated 3 years ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · May 21, 2024 · Updated last year
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o… ☆1,138 · Dec 19, 2025 · Updated 2 months ago
- Active C2 IoCs ☆99 · Nov 28, 2022 · Updated 3 years ago
- Some of my rough notes for Docker threat detection ☆49 · Aug 26, 2023 · Updated 2 years ago