st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆132 · Updated last week
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- Mapping of open-source detection rules and atomic tests. ☆187 · Updated 10 months ago
- ☆117 · Updated 6 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆28 · Updated last year
- A collection of various SIEM rules relating to malware family groups. ☆70 · Updated last year
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners. ☆114 · Updated last year
- CarbonBlack EDR detection rules and response actions. ☆73 · Updated last year
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆159 · Updated 7 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆125 · Updated last year
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆50 · Updated 7 months ago
- ☆74 · Updated last week
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆80 · Updated 7 months ago
- A collection of CVEs weaponized by ransomware operators. ☆126 · Updated last month
- Jupyter Universe is a search engine for all infosec Jupyter notebooks. ☆32 · Updated 8 months ago
- A preconfigured Velociraptor triage collector. ☆70 · Updated last week
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆23 · Updated 3 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation. ☆88 · Updated last month
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆52 · Updated last year
- Sigma detection rules for hunting with the threathunting-keywords project. ☆56 · Updated 9 months ago
- ☆100 · Updated last month
- MISP Playbooks. ☆219 · Updated last month
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆150 · Updated last year
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports. ☆140 · Updated last week
- Suzaku (朱雀) is a Sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆160 · Updated last month
- Purpleteam scripts simulation & Detection - trigger events for SOC detections. ☆189 · Updated 11 months ago
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign. ☆71 · Updated 2 years ago
- A starter pack of resources to help you get started in Detection Engineering. ☆176 · Updated 3 months ago
- Slides of my public talks. ☆56 · Updated last year
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on. ☆83 · Updated last year
- This repository consists of all public cheatsheets created by the BlackPerl DFIR Content Team. ☆20 · Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆89 · Updated 2 years ago