39 results found Sort:

sbousseaden
EVTX-ATTACK-SAMPLES sbousseaden
401
2.3k
gpl-3.0
143
Windows Events Attack Samples
dfir evtx dataset winlogbeat mitre-attack threat-hunting windows-security detection-engineering
Created 2019-03-15
676 commits to master branch, last one about a year ago
DataDog
stratus-red-team DataDog
216
1.8k
apache-2.0
38
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
aws security purple-team aws-security gcp-security mitre-attack azure-security cloud-security threat-detection adversary-emulation kubernetes-security cloud-native-security detection-engineering
Created 2022-01-07
695 commits to main branch, last one 5 days ago
mikeroyal
Digital-Forensics-Guide mikeroyal
211
1.7k
unknown
31
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
dfir siem osint alerting security forensics mitre-attack port-scanning cyber-security forensics-tools digitalforensics network-security digital-forensics forensic-analysis offensive-security intrusion-detection threat-intelligence detection-engineering digitalforensicreadiness forensics-investigations
Created 2021-08-06
81 commits to main branch, last one 11 months ago
matanolabs
matano matanolabs
101
1.5k
apache-2.0
22
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
aws dfir rust siem cloud secops alerting big-data security serverless aws-security cloud-native cybersecurity log-analytics apache-iceberg cloud-security log-management security-tools threat-hunting detection-engineering
Created 2022-07-03
575 commits to main branch, last one 6 months ago
splunk
security_content splunk
363
1.3k
apache-2.0
71
Splunk Security Content
cicd splunk detection responses engineering cybersecurity detection-engineering
Created 2018-12-18
24,989 commits to develop branch, last one 12 days ago
mikeroyal
Open-Source-Security-Guide mikeroyal
86
925
unknown
29
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
siem infosec compliance kali-linux pentesters mitre-attack surveillance scanning-tool cyber-security forensics-tools vulnerabilities network-analysis incident-response offensive-security privacy-protection incident-management intrusion-detection information-security detection-engineering vulnerability-detection
Created 2020-10-17
118 commits to main branch, last one 11 months ago
infosecB
awesome-detection-engineering infosecB
77
860
cc0-1.0
28
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying m...
mitre splunk awesome awesome-list cybersecurity threat-detection detection-engineering
Created 2020-09-26
125 commits to main branch, last one 2 months ago
BushidoUK
Ransomware-Tool-Matrix BushidoUK
88
779
unknown
22
A resource containing all the tools each ransomware gangs uses
cti osint hacking ransomware threatintel cybersecurity threat-hunting threat-intelligence detection-engineering
Created 2024-08-12
565 commits to main branch, last one 23 days ago
mvelazc0
PurpleSharp mvelazc0
110
776
bsd-3-clause
30
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
purple-team controls-validation adversary-simulation detection-engineering
Created 2019-09-08
161 commits to master branch, last one about a year ago
mthcht
awesome-lists mthcht
83
724
mit
27
Awesome Security lists for SOC/CERT/CTI
ir cti ioc rmm soc dfir iocs siem redteam blueteam security detection hacktools ransomware awesome-list blueteam-tools threat-hunting incident-response threat-intelligence detection-engineering
Created 2022-12-11
10,782 commits to main branch, last one 3 hours ago
runreveal
pql runreveal
25
647
apache-2.0
5
Pipelined Query Language
go sql siem golang clickhouse query-language detection-engineering
Created 2024-01-26
118 commits to main branch, last one 5 months ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
102
646
bsd-3-clause
29
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
25 commits to main branch, last one 10 days ago
mthcht
ThreatHunting-Keywords mthcht
54
475
unknown
11
Awesome list of keywords and artifacts for Threat Hunting sessions
soc dfir iocs siem splunk redteam blueteam forensic elk-stack hacktools yara-rules awesome-list threathunting threat-hunting endpoint-security incident-response offensive-scripts offensive-security threat-intelligence detection-engineering
Created 2023-05-16
505 commits to main branch, last one 22 days ago
sbousseaden
Slides sbousseaden
61
372
unknown
33
Misc Threat Hunting Resources
dfir mindmap threat-hunting detection-engineering
Created 2019-10-20
75 commits to master branch, last one 2 years ago
nianticlabs
venator nianticlabs
19
357
mit
4
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
golang kubernetes threat-detection detection-engineering
Created 2024-09-30
11 commits to main branch, last one 2 months ago
DataDog
threatest DataDog
22
319
apache-2.0
13
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
threat-detection continuous-security security-automation detection-engineering
Created 2022-06-16
99 commits to main branch, last one 11 months ago
DataDog
grimoire DataDog
14
185
apache-2.0
3
Generate datasets of cloud audit logs for common attacks
purpleteaming cloud-security detection-engineering
Created 2023-01-24
48 commits to main branch, last one 3 months ago
nasbench
SIGMA-Resources nasbench
14
169
unknown
9
Resources To Learn And Understand SIGMA Rules
linux rules sigma awesome windows learning detection resources sigma-rules detection-engineering
Created 2021-10-10
13 commits to main branch, last one about a year ago
mthcht
Purpleteam mthcht
18
161
unknown
8
Purpleteam scripts simulation & Detection - trigger events for SOC detections
ioc soc siem linux awesome redteam tactics windows blueteam security detection purpleteam simulation techniques awesome-list mitre-attack threathunting threat-hunting offensive-scripts detection-engineering
Created 2022-12-05
721 commits to main branch, last one 23 days ago
0xrawsec
gene 0xrawsec
17
161
gpl-3.0
14
Signature engine for all your logs
dfir threat-hunting detection-engineering
Created 2017-07-20
114 commits to master branch, last one about a year ago
3CORESec
SIEGMA 3CORESec
21
143
agpl-3.0
10
SIEGMA - Transform Sigma rules into SIEM consumables
siem sigma security data-driven detection-engineering
Created 2020-09-28
232 commits to master branch, last one about a year ago
ControlCompass
ControlCompass.github.io ControlCompass
26
123
mit
6
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
soc siem infosec red-team security detection red-teaming intelligence mitre-attack cybersecurity security-tools threat-hunting security-operations threat-intelligence information-security detection-engineering
Created 2022-01-24
182 commits to main branch, last one 2 years ago
lawndoc
AdvancedHuntingQueries lawndoc
16
111
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
140 commits to main branch, last one 3 months ago
mvelazc0
attack2jira mvelazc0
29
111
bsd-3-clause
8
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
mitre mitre-attack attack-coverage detection-engineering
Created 2019-10-02
48 commits to master branch, last one about a year ago
mthcht
ThreatHunting-Keywords-yara-rules mthcht
11
89
other
6
yara detection rules for hunting with the threathunting-keywords project
dfir hunting blueteam hacktools yara-rules awesome-list yara-scanner threat-hunting yara-forensics forensics-tools yara-signatures incident-response offensive-security threat-intelligence detection-engineering
Created 2023-10-19
110 commits to main branch, last one 9 days ago
anvilogic-forge
armory anvilogic-forge
5
86
gpl-3.0
5
Anvilogic Forge
splunk detection snowflake threat-hunting detection-engineering
Created 2024-02-05
790 commits to main branch, last one 5 days ago
bradleyjkemp
sigma-go bradleyjkemp
18
85
mit
5
A Go implementation and parser for Sigma rules.
sigma detection-engineering
Created 2020-09-10
70 commits to main branch, last one 2 months ago
0xAnalyst
DefenderATPQueries 0xAnalyst
8
73
gpl-3.0
2
Hunting Queries for Defender ATP
kql sentinel microsoft defender-atp threat-hunting detection-rules detection-engineering
Created 2023-09-12
276 commits to main branch, last one 16 days ago
adrianlois
DFIR-Detection-Engineering adrianlois
11
73
gpl-3.0
2
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos ...
dfir tips linux macosx tricks forense malware windows security artefacts deteccion forensics artefactos evidencias anti-forense cybersecurity digital-forensics incident-response detection-engineering
Created 2023-06-26
262 commits to main branch, last one 28 days ago
AttackIQ
SigmAIQ AttackIQ
12
69
lgpl-2.1
1
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
llm sigma python3 security langchain sigma-rules security-tools detection-engineering
Created 2023-06-13
74 commits to master branch, last one 25 days ago