st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆144 · Updated this week
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- ☆120 · Updated 8 months ago
- Mapping of open-source detection rules and atomic tests. ☆195 · Updated this week
- CarbonBlack EDR detection rules and response actions ☆73 · Updated last year
- A curated collection of DFIR skills and workflows for InfoSec practitioners. ☆244 · Updated this week
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆127 · Updated last year
- A collection of various SIEM rules relating to malware family groups. ☆70 · Updated last year
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆162 · Updated 10 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆115 · Updated last year
- Purpleteam scripts simulation & Detection - trigger events for SOC detections ☆192 · Updated last year
- A collection of CVEs weaponized by ransomware operators ☆129 · Updated 3 months ago
- MCP to help Defenders Detection Engineer Harder and Smarter ☆231 · Updated last week
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆90 · Updated 2 years ago
- A starter pack of resources to help you get started in Detection Engineering. ☆183 · Updated 3 weeks ago
- ☆74 · Updated last week
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports ☆148 · Updated this week
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆51 · Updated 9 months ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆82 · Updated 9 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆29 · Updated last year
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign ☆71 · Updated 2 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆92 · Updated 5 years ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆109 · Updated 9 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ☆83 · Updated last year
- VirtualGHOST Detection Tool ☆105 · Updated 2 months ago
- This repository contains a comprehensive testing designed for evaluating the performance and resilience of Endpoint Detection and Respons… ☆63 · Updated last year
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆167 · Updated 2 months ago
- Some Threat Hunting queries useful for blue teamers ☆131 · Updated 3 years ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… ☆49 · Updated last month
- Jupyter Universe is a search engine for all infosec jupyter notebooks ☆35 · Updated 10 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆91 · Updated 3 months ago
- Full of public notes and Utilities ☆130 · Updated last month