st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆110 · Updated 3 weeks ago
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- Mapping of open-source detection rules and atomic tests. ☆170 · Updated 6 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆154 · Updated 3 months ago
- Finding ClickFix and FakeCAPTCHA like it's 1999. ☆44 · Updated this week
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆27 · Updated 8 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆124 · Updated last year
- CarbonBlack EDR detection rules and response actions. ☆71 · Updated 10 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners. ☆98 · Updated 9 months ago
- A collection of various SIEM rules relating to malware family groups. ☆67 · Updated last year
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. ☆51 · Updated 9 months ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆76 · Updated 3 months ago
- A collection of CVEs weaponized by ransomware operators. ☆119 · Updated last month
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆47 · Updated 3 months ago
- The ultimate repository for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. ☆24 · Updated last month
- Jupyter Universe is a search engine for all infosec Jupyter notebooks. ☆27 · Updated 4 months ago
- Suzaku (朱雀) is a Sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆136 · Updated this week
- Sigma detection rules for hunting with the threathunting-keywords project. ☆56 · Updated 5 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆151 · Updated 10 months ago
- A starter pack of resources to help you get started in Detection Engineering. ☆159 · Updated 3 weeks ago
- God Mode Detection Rules. ☆134 · Updated 11 months ago
- Slides of my public talks. ☆56 · Updated last year
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… ☆49 · Updated last year
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on. ☆82 · Updated last year
- MISP Playbooks. ☆205 · Updated last month
- Hunting Queries for Defender ATP. ☆82 · Updated 3 months ago
- Purple team simulation & detection scripts: trigger events for SOC detections. ☆187 · Updated 7 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation. ☆77 · Updated last year