32 results found Sort:

sbousseaden
EVTX-ATTACK-SAMPLES sbousseaden
392
2.2k
gpl-3.0
144
Windows Events Attack Samples
dfir evtx dataset winlogbeat mitre-attack threat-hunting windows-security detection-engineering
Created 2019-03-15
676 commits to master branch, last one about a year ago
DataDog
stratus-red-team DataDog
197
1.7k
apache-2.0
33
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
aws security purple-team aws-security gcp-security mitre-attack azure-security cloud-security threat-detection adversary-emulation kubernetes-security cloud-native-security detection-engineering
Created 2022-01-07
645 commits to main branch, last one 10 days ago
mikeroyal
Digital-Forensics-Guide mikeroyal
178
1.5k
unknown
30
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
dfir siem osint alerting security forensics mitre-attack port-scanning cyber-security forensics-tools digitalforensics network-security digital-forensics forensic-analysis offensive-security intrusion-detection threat-intelligence detection-engineering digitalforensicreadiness forensics-investigations
Created 2021-08-06
81 commits to main branch, last one 5 months ago
matanolabs
matano matanolabs
93
1.4k
apache-2.0
21
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
aws dfir rust siem cloud secops alerting big-data security serverless aws-security cloud-native cybersecurity log-analytics apache-iceberg cloud-security log-management security-tools threat-hunting detection-engineering
Created 2022-07-03
575 commits to main branch, last one 8 days ago
splunk
security_content splunk
332
1.2k
apache-2.0
64
Splunk Security Content
cicd splunk detection responses engineering cybersecurity detection-engineering
Created 2018-12-18
23,523 commits to develop branch, last one 7 days ago
mikeroyal
Open-Source-Security-Guide mikeroyal
80
868
unknown
29
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
siem infosec compliance kali-linux pentesters mitre-attack surveillance scanning-tool cyber-security forensics-tools vulnerabilities network-analysis incident-response offensive-security privacy-protection incident-management intrusion-detection information-security detection-engineering vulnerability-detection
Created 2020-10-17
118 commits to main branch, last one 5 months ago
mvelazc0
PurpleSharp mvelazc0
104
751
bsd-3-clause
31
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
purple-team controls-validation adversary-simulation detection-engineering
Created 2019-09-08
161 commits to master branch, last one 11 months ago
infosecB
awesome-detection-engineering infosecB
66
716
cc0-1.0
23
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying m...
mitre splunk awesome awesome-list cybersecurity threat-detection detection-engineering
Created 2020-09-26
120 commits to main branch, last one 5 days ago
runreveal
pql runreveal
23
621
apache-2.0
5
Pipelined Query Language
go sql siem golang clickhouse query-language detection-engineering
Created 2024-01-26
118 commits to main branch, last one 2 days ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
92
569
bsd-3-clause
29
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
22 commits to main branch, last one 5 months ago
sbousseaden
Slides sbousseaden
59
364
unknown
33
Misc Threat Hunting Resources
dfir mindmap threat-hunting detection-engineering
Created 2019-10-20
75 commits to master branch, last one 2 years ago
mthcht
ThreatHunting-Keywords mthcht
40
359
unknown
7
Awesome list of keywords and artifacts for Threat Hunting sessions
soc dfir iocs siem splunk redteam blueteam forensic elk-stack hacktools sigma-rules awesome-list threathunting threat-hunting endpoint-security incident-response offensive-scripts offensive-security threat-intelligence detection-engineering
Created 2023-05-16
419 commits to main branch, last one 7 days ago
DataDog
threatest DataDog
26
311
apache-2.0
13
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
threat-detection continuous-security security-automation detection-engineering
Created 2022-06-16
99 commits to main branch, last one 5 months ago
nasbench
SIGMA-Resources nasbench
14
161
unknown
9
Resources To Learn And Understand SIGMA Rules
linux rules sigma awesome windows learning detection resources sigma-rules detection-engineering
Created 2021-10-10
13 commits to main branch, last one about a year ago
0xrawsec
gene 0xrawsec
17
152
gpl-3.0
14
Signature engine for all your logs
dfir threat-hunting detection-engineering
Created 2017-07-20
114 commits to master branch, last one 7 months ago
3CORESec
SIEGMA 3CORESec
20
139
agpl-3.0
10
SIEGMA - Transform Sigma rules into SIEM consumables
siem sigma security data-driven detection-engineering
Created 2020-09-28
232 commits to master branch, last one about a year ago
mthcht
Purpleteam mthcht
14
127
unknown
8
Purpleteam scripts simulation & Detection - trigger events for SOC detections
ioc soc siem linux awesome redteam tactics windows blueteam security detection purpleteam simulation techniques awesome-list mitre-attack threathunting threat-hunting offensive-scripts detection-engineering
Created 2022-12-05
600 commits to main branch, last one 15 days ago
ControlCompass
ControlCompass.github.io ControlCompass
26
118
mit
6
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
soc siem infosec red-team security detection red-teaming intelligence mitre-attack cybersecurity security-tools threat-hunting security-operations threat-intelligence information-security detection-engineering
Created 2022-01-24
182 commits to main branch, last one about a year ago
mvelazc0
attack2jira mvelazc0
29
113
bsd-3-clause
8
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
mitre mitre-attack attack-coverage detection-engineering
Created 2019-10-02
48 commits to master branch, last one about a year ago
lawndoc
AdvancedHuntingQueries lawndoc
13
94
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
139 commits to main branch, last one 6 months ago
bradleyjkemp
sigma-go bradleyjkemp
18
77
mit
5
A Go implementation and parser for Sigma rules.
sigma detection-engineering
Created 2020-09-10
66 commits to main branch, last one about a month ago
anvilogic-forge
armory anvilogic-forge
3
69
gpl-3.0
3
Anvilogic Forge
splunk detection snowflake threat-hunting detection-engineering
Created 2024-02-05
763 commits to main branch, last one 3 days ago
adrianlois
DFIR-Detection-Engineering adrianlois
9
63
gpl-3.0
2
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos ...
dfir tips linux macosx tricks forense malware windows security artefacts deteccion forensics artefactos evidencias anti-forense cybersecurity digital-forensics incident-response detection-engineering
Created 2023-06-26
241 commits to main branch, last one 20 days ago
AttackIQ
SigmAIQ AttackIQ
6
60
lgpl-2.1
2
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
llm sigma python3 security langchain sigma-rules security-tools detection-engineering
Created 2023-06-13
52 commits to master branch, last one 27 days ago
mthcht
ThreatHunting-Keywords-yara-rules mthcht
6
58
other
4
yara detection rules for hunting with the threathunting-keywords project
dfir hunting blueteam hacktools yara-rules awesome-list yara-scanner threat-hunting yara-forensics forensics-tools yara-signatures incident-response offensive-security threat-intelligence detection-engineering
Created 2023-10-19
77 commits to main branch, last one 4 days ago
reversinglabs
reversinglabs-siem-rules reversinglabs
6
58
mit
5
A collection of various SIEM rules relating to malware family groups.
siem infosec microsoft-sentinel detection-engineering
Created 2022-12-05
50 commits to master branch, last one about a month ago
west-wind
Threat-Hunting-With-Splunk west-wind
7
52
mit
3
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
splunk bpfdoor detection arcanedoor rtm-locker text4shell line-dancer line-runner esxi-malware mitre-attack vulnerability cve-2024-20353 cve-2024-20359 esxi-ransomware bpfdoor-detection detection-engineering
Created 2022-04-12
41 commits to main branch, last one about a month ago
0xAnalyst
DefenderATPQueries 0xAnalyst
5
51
gpl-3.0
2
Hunting Queries for Defender ATP
kql defender-atp detection-rules detection-engineering
Created 2023-09-12
170 commits to main branch, last one 21 days ago
3CORESec
Automata 3CORESec
11
48
agpl-3.0
5
Automatic detection engineering technical state compliance
sigma caldera detection detection-engineering
Created 2021-06-21
29 commits to master branch, last one 5 months ago
M3NIX
sigmaio M3NIX
3
47
unlicense
2
simple webapp for converting sigma rules into siem queries using the pySigma library
sigma splunk pysigma detection-engineering
This repository has been archived (exclude archived)
Created 2022-05-02
37 commits to main branch, last one 9 months ago