Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆150 · Feb 14, 2026 · Updated 2 weeks ago
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- Online resources related to SOC Analysts. Incident investigation reference material, blogs, newsletters, good reads, books, trainings, po… · ☆42 · Feb 14, 2026 · Updated 2 weeks ago
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR · ☆16 · Nov 7, 2025 · Updated 3 months ago
- Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc) · ☆79 · Updated this week
- Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more. · ☆115 · Jan 18, 2026 · Updated last month
- Sigma rules to share with the community · ☆124 · Jan 29, 2025 · Updated last year
- PDump is a project for dumping leaked credentials from DEHASHED · ☆17 · Jan 21, 2024 · Updated 2 years ago
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D… · ☆758 · Aug 28, 2025 · Updated 6 months ago
- KQL Queries · ☆33 · Feb 17, 2026 · Updated 2 weeks ago
- A repository of my own Sigma detection rules. · ☆163 · Nov 25, 2025 · Updated 3 months ago
- sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo… · ☆19 · May 20, 2025 · Updated 9 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … · ☆432 · Feb 18, 2026 · Updated 2 weeks ago
- PowerShell tools to help defenders hunt smarter, hunt harder. · ☆473 · Oct 29, 2025 · Updated 4 months ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … · ☆302 · Updated this week
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… · ☆277 · Dec 20, 2025 · Updated 2 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆804 · Jan 14, 2026 · Updated last month
- Anvilogic Forge · ☆115 · Sep 18, 2025 · Updated 5 months ago
- ResearchDev - XDR & SIEM Detection · ☆67 · Apr 16, 2025 · Updated 10 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on · ☆83 · Apr 27, 2024 · Updated last year
- ☆18 · Feb 2, 2026 · Updated last month
- Sentinel Threat Intelligence Upload Toolkit · ☆18 · Jul 15, 2024 · Updated last year
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. · ☆53 · Oct 23, 2024 · Updated last year
- This is a collection of threat detection rules / rules engines that I have come across. · ☆296 · May 5, 2024 · Updated last year
- yara detection rules for hunting with the threathunting-keywords project · ☆157 · May 11, 2025 · Updated 9 months ago
- Parser and reconciliation tooling for large Active Directory environments. · ☆33 · Feb 18, 2025 · Updated last year
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… · ☆49 · Jan 1, 2026 · Updated 2 months ago
- A small guide on Unknown/Orphaned SIDs and some PowerShell tools to help you get rid of them. · ☆20 · Mar 28, 2022 · Updated 3 years ago
- Collection of scripts to automate the Malware Analysis process · ☆33 · Oct 27, 2025 · Updated 4 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions · ☆641 · Aug 4, 2025 · Updated 7 months ago
- Mapping of open-source detection rules and atomic tests. · ☆202 · Feb 16, 2026 · Updated 2 weeks ago
- Awesome Security lists for SOC/CERT/CTI · ☆1,263 · Updated this week
- Visualize Microsoft Defender XDR process trees and security events · ☆33 · Aug 24, 2025 · Updated 6 months ago
- MacroExploit use in excel sheet · ☆20 · Jun 12, 2023 · Updated 2 years ago
- This repo is about Active Directory Advanced Threat Hunting · ☆648 · Feb 17, 2025 · Updated last year
- Purpleteam scripts simulation & Detection - trigger events for SOC detections · ☆193 · Dec 20, 2024 · Updated last year
- An opensource sigma conversion tool built using pysigma · ☆160 · Feb 9, 2026 · Updated 3 weeks ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… · ☆128 · Apr 6, 2024 · Updated last year
- Sharing my KQL queries for Azure Sentinel · ☆208 · Feb 9, 2026 · Updated 3 weeks ago
- Detect Remote Local Credentials Dumping using a Shadow Snapshot · ☆32 · Jan 27, 2025 · Updated last year
- Cyber Threat Intelligence · ☆78 · Dec 7, 2025 · Updated 2 months ago