sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

Python

346 +0

8,479 +32

2,222 +8

GitHub
elastalert by Yelp

Easy & Flexible Alerting With ElasticSearch

created at Nov. 24, 2014, 7:39 p.m.

Python

244 +0

8,005 +1

1,737 +2

GitHub
loghub by logpai

A large collection of system log datasets for AI-driven log analytics [ISSRE'23]

created at June 8, 2016, 2:51 p.m.

Unknown languages

59 +0

1,882 +13

609 +2

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

Rust

22 +0

1,482 +2

103 +2

GitHub
security_content by splunk

Splunk Security Content

created at Dec. 18, 2018, 9:14 p.m.

Python

71 +0

1,317 +7

371 +3

GitHub
Hunting-Queries-Detection-Rules by Bert-JanP

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

created at May 30, 2022, 5:28 p.m.

Python

64 -1

1,292 +10

238 +2

GitHub
alerting-detection-strategy-framework by palantir

A framework for developing alerting and detection strategies for incident response.

created at Dec. 19, 2017, 1:33 a.m.

Unknown languages

295 -1

705 +3

121 +1

GitHub
security-stack-mappings by center-for-threat-informed-defense

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

created at Nov. 18, 2020, 6:48 p.m.

Python

86 +0

379 +0

63 +0

GitHub
awesome-kubernetes-threat-detection by jatrost

A curated list of resources about detecting threats and defending Kubernetes systems.

created at March 4, 2023, 9:20 p.m.

Unknown languages

11 +0

368 +2

33 +0

GitHub
detection-rules by chronicle

Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

created at Jan. 19, 2021, 9:30 p.m.

Python

38 -1

327 +3

78 +1

GitHub
security-analytics by GoogleCloudPlatform

Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

created at Jan. 11, 2022, 9:47 p.m.

Python

27 +0

327 +1

69 +0

GitHub
detection-and-response-pipeline by 0x4D31

✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗

created at July 6, 2023, 5:01 p.m.

Unknown languages

13 +0

262 +2

23 +0

GitHub
armory by anvilogic-forge

Anvilogic Forge

created at Feb. 5, 2024, 4:37 p.m.

Unknown languages

5 +0

88 +2

5 +0

GitHub
salo by splunk

Synthetic Adversarial Log Objects: A Framework for synthentic log generation

created at Oct. 26, 2021, 2:10 p.m.

Python

8 +0

77 +0

8 +0

GitHub
Threat-Hunting-With-Splunk by west-wind

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

created at April 12, 2022, 8:52 a.m.

Unknown languages

3 +0

58 +1

8 +0

GitHub
Content-Library-CIM2 by ExabeamLabs

None

created at Aug. 31, 2022, 4:47 p.m.

Unknown languages

1 +0

16 +0

4 +0

GitHub
CIMLibrary by ExabeamLabs

CIM Library

created at June 15, 2022, 7:32 p.m.

Unknown languages

0 +0

8 +0

4 +0

GitHub