Content-Library-CIM2 by ExabeamLabs


updated at July 28, 2024, 5:45 a.m.

Unknown languages

1 +0

16 +0

3 +0

GitHub
Threat-Hunting-With-Splunk by west-wind

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

updated at Aug. 18, 2024, 3:49 p.m.

Unknown languages

3 +0

55 +0

8 +0

GitHub
security-stack-mappings by center-for-threat-informed-defense

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

updated at Aug. 25, 2024, 12:31 p.m.

Python

86 +0

379 +0

64 +0

GitHub
detection-and-response-pipeline by 0x4D31

✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗

updated at Sept. 11, 2024, 3:49 p.m.

Unknown languages

12 +0

246 +0

20 +0

GitHub
CIMLibrary by ExabeamLabs

CIM Library

updated at Sept. 17, 2024, 2:44 p.m.

Unknown languages

0 +0

9 +0

3 +0

GitHub
armory by anvilogic-forge

Anvilogic Forge

updated at Sept. 20, 2024, 3:55 p.m.

Unknown languages

3 +0

81 +1

5 +0

GitHub
salo by splunk

Synthetic Adversarial Log Objects: A Framework for synthetic log generation

updated at Sept. 21, 2024, 1:39 p.m.

Python

8 +0

77 +1

8 +0

GitHub
elastalert by Yelp

Easy & Flexible Alerting With ElasticSearch

updated at Sept. 21, 2024, 1:41 p.m.

Python

246 +1

7,994 +2

1,735 +0

GitHub
detection-rules by chronicle

Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

updated at Sept. 21, 2024, 1:45 p.m.

Python

37 +1

300 +4

72 +1

GitHub
security-analytics by GoogleCloudPlatform

Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

updated at Sept. 21, 2024, 1:45 p.m.

Python

27 -1

318 +1

68 -1

GitHub
alerting-detection-strategy-framework by palantir

A framework for developing alerting and detection strategies for incident response.

updated at Sept. 21, 2024, 1:51 p.m.

Unknown languages

280 +0

658 +6

115 +0

GitHub
Hunting-Queries-Detection-Rules by Bert-JanP

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

updated at Sept. 22, 2024, 12:38 a.m.

Python

61 +2

1,170 +6

221 +2

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at Sept. 22, 2024, 2:58 a.m.

Rust

23 +0

1,448 +5

98 +1

GitHub
security_content by splunk

Splunk Security Content

updated at Sept. 22, 2024, 4:58 a.m.

Python

68 +0

1,255 +9

353 +3

GitHub
sigma by SigmaHQ

Main Sigma Rule Repository

updated at Sept. 22, 2024, 6:40 a.m.

Python

342 +2

8,132 +31

2,159 +7

GitHub
loghub by logpai

A large collection of system log datasets for AI-driven log analytics [ISSRE'23]

updated at Sept. 22, 2024, 9:40 a.m.

Unknown languages

57 +0

1,715 +8

587 +0

GitHub
awesome-kubernetes-threat-detection by jatrost

A curated list of resources about detecting threats and defending Kubernetes systems.

updated at Sept. 22, 2024, 2:32 p.m.

Unknown languages

10 +0

357 +2

33 +0

GitHub