st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆99 · Updated 3 weeks ago
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- CarbonBlack EDR detection rules and response actions ☆71 · Updated 9 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆96 · Updated 7 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆124 · Updated last year
- ☆105 · Updated 3 weeks ago
- Mapping of open-source detection rules and atomic tests. ☆168 · Updated 5 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆81 · Updated last month
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆51 · Updated 8 months ago
- Have you ever wanted to search a link or IP address on multiple OSINT pages at once? ☆51 · Updated 3 weeks ago
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆39 · Updated this week
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆155 · Updated 2 months ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆100 · Updated 2 months ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆76 · Updated 2 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆26 · Updated 7 months ago
- A collection of various SIEM rules relating to malware family groups. ☆66 · Updated last year
- ☆74 · Updated 2 weeks ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on ☆82 · Updated last year
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆129 · Updated this week
- Convert Sigma rules to SIEM queries, directly in your browser. ☆89 · Updated last week
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆24 · Updated 3 weeks ago
- ☆92 · Updated last month
- Slides of my public talks ☆55 · Updated last year
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports ☆120 · Updated this week
- A preconfigured Velociraptor triage collector ☆52 · Updated last week
- This repository contains a comprehensive testing designed for evaluating the performance and resilience of Endpoint Detection and Respons… ☆54 · Updated 8 months ago
- ☆33 · Updated 7 months ago
- Jupyter Universe is a search engine for all infosec Jupyter notebooks ☆26 · Updated 3 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆41 · Updated last month
- An index of publicly available and open-source threat detection rulesets. ☆114 · Updated 2 months ago
- Sigma detection rules for hunting with the threathunting-keywords project ☆55 · Updated 3 months ago
- A repository to share publicly available Velociraptor detection content ☆173 · Updated this week