elastalert by Yelp

Easy & Flexible Alerting With ElasticSearch

created at Nov. 24, 2014, 7:39 p.m.

Python

247 +0

7,971 +1

1,738 -1

GitHub
sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

Python

330 +0

7,800 +26

2,118 +10

GitHub
loghub by logpai

A large collection of system log datasets for AI-driven log analytics [ISSRE'23]

created at June 8, 2016, 2:51 p.m.

Unknown languages

56 +1

1,582 +7

572 +1

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

Rust

21 +0

1,386 +13

94 +2

GitHub
security_content by splunk

Splunk Security Content

created at Dec. 18, 2018, 9:14 p.m.

Python

64 +0

1,165 +5

332 +1

GitHub
Hunting-Queries-Detection-Rules by Bert-JanP

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

created at May 30, 2022, 5:28 p.m.

Python

51 +0

1,063 +10

191 +2

GitHub
alerting-detection-strategy-framework by palantir

A framework for developing alerting and detection strategies for incident response.

created at Dec. 19, 2017, 1:33 a.m.

Unknown languages

277 +0

634 +3

117 +0

GitHub
security-stack-mappings by center-for-threat-informed-defense

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

created at Nov. 18, 2020, 6:48 p.m.

Python

81 +0

374 +2

62 +1

GitHub
awesome-kubernetes-threat-detection by jatrost

A curated list of resources about detecting threats and defending Kubernetes systems.

created at March 4, 2023, 9:20 p.m.

Unknown languages

10 +0

347 +2

32 +1

GitHub
security-analytics by GoogleCloudPlatform

Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

created at Jan. 11, 2022, 9:47 p.m.

Python

28 -1

300 +1

69 +6

GitHub
detection-rules by chronicle

Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

created at Jan. 19, 2021, 9:30 p.m.

Python

35 +1

264 +2

59 +0

GitHub
detection-and-response-pipeline by 0x4D31

✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗

created at July 6, 2023, 5:01 p.m.

Unknown languages

12 +0

234 +0

19 +0

GitHub
salo by splunk

Synthetic Adversarial Log Objects: A Framework for synthentic log generation

created at Oct. 26, 2021, 2:10 p.m.

Python

8 +0

72 +0

8 +0

GitHub
armory by anvilogic-forge

Anvilogic Forge

created at Feb. 5, 2024, 4:37 p.m.

Unknown languages

3 +0

70 +1

3 +0

GitHub
Threat-Hunting-With-Splunk by west-wind

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

created at April 12, 2022, 8:52 a.m.

Unknown languages

3 +0

52 +0

7 +0

GitHub
Content-Library-CIM2 by ExabeamLabs

None

created at Aug. 31, 2022, 4:47 p.m.

Unknown languages

1 +0

13 +0

3 +0

GitHub
CIMLibrary by ExabeamLabs

CIM Library

created at June 15, 2022, 7:32 p.m.

Unknown languages

0 +0

8 +1

3 +0

GitHub