st0pp3r / awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
☆103 · Updated last week
Alternatives and similar repositories for awesome-detection-engineer
Users that are interested in awesome-detection-engineer are comparing it to the libraries listed below
- Mapping of open-source detection rules and atomic tests. ☆169 · Updated 5 months ago
- A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. ☆155 · Updated 3 months ago
- A collection of various SIEM rules relating to malware family groups. ☆66 · Updated last year
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆76 · Updated 2 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆27 · Updated 7 months ago
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆41 · Updated this week
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆124 · Updated last year
- ☆107 · Updated last month
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners. ☆97 · Updated 8 months ago
- CarbonBlack EDR detection rules and response actions. ☆71 · Updated 10 months ago
- ☆74 · Updated 2 weeks ago
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. ☆51 · Updated 8 months ago
- Raw data from Threat Intelligence Reports, with automatic report collection and keyword search across thousands of reports. ☆122 · Updated last week
- Sigma detection rules for hunting with the threathunting-keywords project. ☆55 · Updated 4 months ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆89 · Updated last year
- A starter pack of resources to help you get started in Detection Engineering. ☆132 · Updated last week
- Slides of my public talks. ☆56 · Updated last year
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆46 · Updated 2 months ago
- ☆34 · Updated 8 months ago
- Have you ever wanted to search a link or IP address on multiple OSINT pages at once? ☆53 · Updated last week
- A collection of CVEs weaponized by ransomware operators. ☆117 · Updated last month
- A preconfigured Velociraptor triage collector. ☆52 · Updated last week
- VirtualGHOST Detection Tool. ☆91 · Updated last year
- The ultimate repository for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. ☆24 · Updated 2 weeks ago
- Domain Response is a tool designed to help you automate the investigation of a domain. This tool is specifically designed to autom… ☆49 · Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆108 · Updated 9 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on. ☆82 · Updated last year
- Suzaku (朱雀) is a Sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆135 · Updated last week
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign. ☆71 · Updated last year
- An index of publicly available and open-source threat detection rulesets. ☆118 · Updated 2 months ago