st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆85 · Updated last week
Alternatives and similar repositories for awesome-detection-engineer:
- Mapping of open-source detection rules and atomic tests. ☆162 · Updated 2 months ago
- CarbonBlack EDR detection rules and response actions. ☆71 · Updated 7 months ago
- A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. ☆154 · Updated last week
- ☆74 · Updated 3 weeks ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆72 · Updated 2 weeks ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆121 · Updated last year
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. ☆51 · Updated 5 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans, and so on. ☆81 · Updated 11 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners. ☆87 · Updated 5 months ago
- ☆102 · Updated last week
- The ultimate repository for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. ☆23 · Updated last week
- Slides of my public talks. ☆55 · Updated last year
- Convert Sigma rules to SIEM queries, directly in your browser. ☆74 · Updated last week
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆24 · Updated 4 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation. ☆78 · Updated last week
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆88 · Updated last year
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆147 · Updated 6 months ago
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file. ☆84 · Updated 2 months ago
- Jupyter Universe is a search engine for all infosec Jupyter notebooks. ☆26 · Updated 3 weeks ago
- A collection of various SIEM rules relating to malware family groups. ☆66 · Updated 9 months ago
- Sigma detection rules for hunting with the threathunting-keywords project. ☆55 · Updated last month
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆63 · Updated 2 weeks ago
- Active C&C Detector. ☆153 · Updated last year
- AHHHZURE is an automated deployment script that creates a vulnerable Azure cloud lab for offensive security practitioners and enthusiasts… ☆102 · Updated 11 months ago
- A repository to share publicly available Velociraptor detection content. ☆154 · Updated this week
- Hunting Queries for Defender ATP. ☆81 · Updated last week
- ☆87 · Updated 2 months ago
- Raw data from Threat Intelligence Reports, with automatic report collection and keyword search across thousands of reports. ☆106 · Updated this week
- Baseline a Windows System against LOLBAS. ☆26 · Updated 11 months ago
- Advanced Threat Hunting: Ransomware Group. ☆20 · Updated 4 months ago