45 results found Sort:

sbousseaden
EVTX-ATTACK-SAMPLES sbousseaden
410
2.3k
gpl-3.0
140
Windows Events Attack Samples
dfir evtx dataset winlogbeat mitre-attack threat-hunting windows-security detection-engineering
Created 2019-03-15
676 commits to master branch, last one 2 years ago
DataDog
stratus-red-team DataDog
237
2.0k
apache-2.0
36
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
aws security purple-team aws-security gcp-security mitre-attack azure-security cloud-security threat-detection adversary-emulation kubernetes-security cloud-native-security detection-engineering
Created 2022-01-07
732 commits to main branch, last one 20 days ago
mikeroyal
Digital-Forensics-Guide mikeroyal
219
1.8k
unknown
35
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
dfir siem osint alerting security forensics mitre-attack port-scanning cyber-security forensics-tools digitalforensics network-security digital-forensics forensic-analysis offensive-security intrusion-detection threat-intelligence detection-engineering digitalforensicreadiness forensics-investigations
Created 2021-08-06
81 commits to main branch, last one about a year ago
matanolabs
matano matanolabs
111
1.5k
apache-2.0
21
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
aws dfir rust siem cloud secops alerting big-data security serverless aws-security cloud-native cybersecurity log-analytics apache-iceberg cloud-security log-management security-tools threat-hunting detection-engineering
Created 2022-07-03
576 commits to main branch, last one 3 months ago
splunk
security_content splunk
393
1.4k
apache-2.0
71
Splunk Security Content
cicd splunk detection responses engineering cybersecurity detection-engineering
Created 2018-12-18
26,782 commits to develop branch, last one 5 days ago
BushidoUK
Ransomware-Tool-Matrix BushidoUK
113
1.0k
unknown
23
A resource containing all the tools each ransomware gangs uses
cti osint hacking ransomware threatintel cybersecurity threat-hunting threat-intelligence detection-engineering
Created 2024-08-12
592 commits to main branch, last one 24 days ago
mikeroyal
Open-Source-Security-Guide mikeroyal
86
958
unknown
28
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
siem infosec compliance kali-linux pentesters mitre-attack surveillance scanning-tool cyber-security forensics-tools vulnerabilities network-analysis incident-response offensive-security privacy-protection incident-management intrusion-detection information-security detection-engineering vulnerability-detection
Created 2020-10-17
118 commits to main branch, last one about a year ago
infosecB
awesome-detection-engineering infosecB
84
951
cc0-1.0
28
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying m...
mitre splunk awesome awesome-list cybersecurity threat-detection detection-engineering
Created 2020-09-26
129 commits to main branch, last one 2 months ago
mthcht
awesome-lists mthcht
108
920
mit
28
Awesome Security lists for SOC/CERT/CTI
ir cti ioc rmm soc dfir iocs siem redteam blueteam security detection hacktools ransomware awesome-list blueteam-tools threat-hunting incident-response threat-intelligence detection-engineering
Created 2022-12-11
37,083 commits to main branch, last one 10 hours ago
mvelazc0
PurpleSharp mvelazc0
109
799
bsd-3-clause
31
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
purple-team controls-validation adversary-simulation detection-engineering
Created 2019-09-08
177 commits to master branch, last one 3 months ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
103
718
bsd-3-clause
30
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
31 commits to main branch, last one 27 days ago
runreveal
pql runreveal
25
650
apache-2.0
5
Pipelined Query Language
go sql siem golang clickhouse query-language detection-engineering
Created 2024-01-26
124 commits to main branch, last one 3 months ago
mthcht
ThreatHunting-Keywords mthcht
60
555
unknown
11
Awesome list of keywords and artifacts for Threat Hunting sessions
soc dfir iocs siem splunk redteam blueteam forensic elk-stack hacktools yara-rules awesome-list threathunting threat-hunting endpoint-security incident-response offensive-scripts offensive-security threat-intelligence detection-engineering
Created 2023-05-16
544 commits to main branch, last one about a month ago
sbousseaden
Slides sbousseaden
60
374
unknown
33
Misc Threat Hunting Resources
dfir mindmap threat-hunting detection-engineering
Created 2019-10-20
75 commits to master branch, last one 3 years ago
nianticlabs
venator nianticlabs
20
373
mit
4
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
golang kubernetes threat-detection detection-engineering
Created 2024-09-30
11 commits to main branch, last one 6 months ago
DataDog
threatest DataDog
23
328
apache-2.0
12
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
threat-detection continuous-security security-automation detection-engineering
Created 2022-06-16
99 commits to main branch, last one about a year ago
DataDog
grimoire DataDog
16
211
apache-2.0
3
Generate datasets of cloud audit logs for common attacks
purpleteaming cloud-security detection-engineering
Created 2023-01-24
48 commits to main branch, last one 8 months ago
mthcht
Purpleteam mthcht
19
183
unknown
7
Purpleteam scripts simulation & Detection - trigger events for SOC detections
ioc soc siem linux awesome redteam tactics windows blueteam security detection purpleteam simulation techniques awesome-list mitre-attack threathunting threat-hunting offensive-scripts detection-engineering
Created 2022-12-05
726 commits to main branch, last one 3 months ago
nasbench
SIGMA-Resources nasbench
13
174
unknown
9
Resources To Learn And Understand SIGMA Rules
linux rules sigma awesome windows learning detection resources sigma-rules detection-engineering
Created 2021-10-10
13 commits to main branch, last one 2 years ago
0xrawsec
gene 0xrawsec
18
166
gpl-3.0
13
Signature engine for all your logs
dfir threat-hunting detection-engineering
Created 2017-07-20
114 commits to master branch, last one about a year ago
krdmnbrk
AttackRuleMap krdmnbrk
18
160
apache-2.0
4
Mapping of open-source detection rules and atomic tests.
splunk sigma-rules atomicredteam detection-engineering
Created 2024-12-29
14 commits to main branch, last one 2 months ago
3CORESec
SIEGMA 3CORESec
22
149
agpl-3.0
8
SIEGMA - Transform Sigma rules into SIEM consumables
siem sigma security data-driven detection-engineering
Created 2020-09-28
234 commits to master branch, last one about a month ago
ControlCompass
ControlCompass.github.io ControlCompass
24
132
mit
6
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
soc siem infosec red-team security detection red-teaming intelligence mitre-attack cybersecurity security-tools threat-hunting security-operations threat-intelligence information-security detection-engineering
Created 2022-01-24
182 commits to main branch, last one 2 years ago
lawndoc
AdvancedHuntingQueries lawndoc
17
121
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
140 commits to main branch, last one 8 months ago
mthcht
ThreatHunting-Keywords-yara-rules mthcht
16
116
other
6
yara detection rules for hunting with the threathunting-keywords project
dfir hunting blueteam hacktools yara-rules awesome-list yara-scanner threat-hunting yara-forensics forensics-tools yara-signatures incident-response offensive-security threat-intelligence detection-engineering
Created 2023-10-19
121 commits to main branch, last one about a month ago
mvelazc0
attack2jira mvelazc0
28
111
bsd-3-clause
8
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
mitre mitre-attack attack-coverage detection-engineering
Created 2019-10-02
48 commits to master branch, last one 2 years ago
anvilogic-forge
armory anvilogic-forge
5
95
gpl-3.0
5
Anvilogic Forge
splunk detection snowflake threat-hunting detection-engineering
Created 2024-02-05
803 commits to main branch, last one 6 days ago
bradleyjkemp
sigma-go bradleyjkemp
18
86
mit
4
A Go implementation and parser for Sigma rules.
sigma detection-engineering
Created 2020-09-10
70 commits to main branch, last one 7 months ago
st0pp3r
awesome-detection-engineer st0pp3r
11
82
cc0-1.0
3
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log reference...
soc awesome security detection awesome-list cybesecurity threat-detection detection-engineering
Created 2025-01-26
238 commits to main branch, last one 15 days ago
0xAnalyst
DefenderATPQueries 0xAnalyst
8
81
gpl-3.0
2
Hunting Queries for Defender ATP
kql sentinel microsoft defender-atp threat-hunting detection-rules detection-engineering
Created 2023-09-12
287 commits to main branch, last one 22 days ago