st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆136 · Updated last month
Alternatives and similar repositories for awesome-detection-engineer
Users who are interested in awesome-detection-engineer are comparing it to the repositories listed below.
- Mapping of open-source detection rules and atomic tests. (☆193 · Updated 11 months ago)
- (no description) (☆119 · Updated 7 months ago)
- A curated collection of DFIR skills and workflows for InfoSec practitioners. (☆200 · Updated last week)
- A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. (☆162 · Updated 9 months ago)
- A collection of various SIEM rules relating to malware family groups. (☆70 · Updated last year)
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners. (☆116 · Updated last year)
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… (☆126 · Updated last year)
- A starter pack of resources to help you get started in Detection Engineering. (☆180 · Updated 4 months ago)
- Jupyter Universe is a search engine for all infosec Jupyter notebooks. (☆34 · Updated 9 months ago)
- CarbonBlack EDR detection rules and response actions. (☆73 · Updated last year)
- A collection of CVEs weaponized by ransomware operators. (☆128 · Updated 3 months ago)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆151 · Updated last year)
- (no description) (☆74 · Updated this week)
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. (☆82 · Updated 8 months ago)
- Purpleteam scripts for simulation & detection: trigger events for SOC detections. (☆192 · Updated last year)
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. (☆50 · Updated 8 months ago)
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… (☆29 · Updated last year)
- MISP Playbooks. (☆221 · Updated 3 months ago)
- A repository to share publicly available Velociraptor detection content. (☆190 · Updated this week)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation. (☆90 · Updated 2 months ago)
- AI-powered cybersecurity attack flow visualization tool using MITRE ATT&CK. (☆194 · Updated last month)
- An index of publicly available and open-source threat detection rulesets. (☆130 · Updated 9 months ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆89 · Updated 2 years ago)
- Raw data from Threat Intelligence Reports, with automatic report collection and keyword search across thousands of reports. (☆146 · Updated this week)
- A preconfigured Velociraptor triage collector. (☆73 · Updated last week)
- This repository contains a comprehensive testing suite designed for evaluating the performance and resilience of Endpoint Detection and Respons… (☆63 · Updated last year)
- God Mode Detection Rules. (☆135 · Updated last year)
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on. (☆84 · Updated last year)
- An automated Adversary Emulation lab with Terraform and an MCP server. Build Caldera techniques and operations assisted with LLMs. Built f… (☆204 · Updated last month)
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. (☆53 · Updated last year)