st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering: detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and Twitter/X accounts.
☆76 · Updated this week
Alternatives and similar repositories for awesome-detection-engineer:
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- CarbonBlack EDR detection rules and response actions ☆71 · Updated 6 months ago
- Mapping of open-source detection rules and atomic tests. ☆156 · Updated 2 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆24 · Updated 4 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆118 · Updated 11 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆83 · Updated 4 months ago
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports ☆101 · Updated this week
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆71 · Updated 2 months ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆51 · Updated 5 months ago
- A simple tool designed to create Atomic Red Team tests with ease. ☆38 · Updated 2 weeks ago
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆22 · Updated 7 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on ☆81 · Updated 10 months ago
- Sigma detection rules for hunting with the threathunting-keywords project ☆55 · Updated 3 weeks ago
- Baseline a Windows System against LOLBAS ☆25 · Updated 11 months ago
- Slides of my public talks ☆54 · Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆58 · Updated last week
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… ☆51 · Updated 3 months ago
- A collection of various SIEM rules relating to malware family groups. ☆65 · Updated 9 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆153 · Updated 10 months ago
- MS Graph Commands and Tools for Blue Teamers ☆49 · Updated last year
- This repository contains a comprehensive testing designed for evaluating the performance and resilience of Endpoint Detection and Respons… ☆51 · Updated 5 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆147 · Updated 6 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆77 · Updated this week
- Advanced Email Threat Hunting w/ Detection as Code ☆52 · Updated last month
- Jupyter Universe is a search engine for all infosec Jupyter notebooks ☆25 · Updated 3 months ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… ☆47 · Updated 11 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆155 · Updated this week
- A collection of CVEs weaponized by ransomware operators ☆111 · Updated last week
- Pythia is a versatile query format designed to facilitate the discovery of malicious infrastructure by seamlessly converting into the syn… ☆32 · Updated 7 months ago