"topic:detection-rules" — Search

28 results for “topic:detection-rules”

Marble - the real time decision engine for fraud and AML

amlcase-managementcompliancecompliance-automationdetection-rulesfinancial-servicesfraudfraud-detectionmoney-launderingnocoderealtimeriskrule-basedrule-enginesanctionsself-hosted

sublime-security/sublime-platform

A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the community, and write detections-as-code.

Shell24929Updated 1 day ago

detection-rulesemail-securityphishingphishing-detectionsecuritysecurity-tools

mandiant/thiri-notebookArchived

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

Python15416Updated 4 months ago

detection-rulessnortthreat-huntingyara

polaris64/web_exploit_detector

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

JavaScript8636Updated 1 month ago

cmsdetection-rulesexploitsinfectionnodejsphpscannersecurity-auditsuspicious-fileswebwordpresswso-webshell

0xAnalyst/DefenderATPQueries

Hunting Queries for Defender ATP

839Updated 1 month ago

defender-atpdetection-engineeringdetection-ruleskqlmicrosoftsentinelthreat-hunting

mthcht/ThreatHunting-Keywords-sigma-rules

Sigma detection rules for hunting with the threathunting-keywords project

Python587Updated 1 month ago

blueteamdetection-engineeringdetection-rulesdfirforensicartifactsmitre-attacksiemsigma-rulesthreat-detectionthreat-huntingthreathunting

cylaris/awesomekqlArchived

Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

555Updated 2 months ago

azuredetectiondetection-ruleskqlsiem

sentrilite/sentrilite-agent

Sentrilite is a Cloud Runtime Threat Detection & Active Response against Zero-Day Attacks

HTML524Updated 2 days ago

cybersecuritydetection-as-codedetection-engineeringdetection-rulesebpfedrkuberneteslinuxobservabilitysecuritysecurity-auditsecurity-toolsthreat-detectionthreat-huntingthreat-intelligencezero-day-detectionzero-day-exploitzero-day-threatzero-day-vulnerabilityzeroday-attack

elastic/cortado

No description provided.

Python223Updated 2 days ago

detection-ruleselasticrtasecurity-tools

Karneades/SigmaFilterCheck

Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)

Python151Updated 3 weeks ago

detectiondetection-rulessigma

LasCC/SentinelOne-Userscript

A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follow the website UI / UX design interface.

JavaScript101Updated 1 week ago

detectiondetection-engineeringdetection-rulessentinelonesentinelone-powerquerysentinelone-threat-huntingthreat-huntingthreathuntinguserscript

austinsonger/elastic-detection-cli

Docker Container for Elastic Detection CLI

Dockerfile81Updated 2 years ago

detectiondetection-rulesdockerdocker-composedocker-containerdocker-hubdocker-imageelasticelasticsearch

muchdogesec/txt2detection

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

Python71Updated 5 days ago

detection-engineeringdetection-rulessiem

dfirvault/Splunk-DFIR-Dashboards

A collection of custom-built dashboards for threat hunting.

60Updated 1 month ago

blue-teamcybersecuritydetectiondetection-engineeringdetection-rulesdfirdfirvaultincident-responseiocmalware-analysisplasosecurity-monitoringsiemsplunkthreat-intelligencethreathunting

muchdogesec/siemrules

An API that takes a txt file containing threat intelligence and turns it into a detection rule.

Python42Updated 4 days ago

detection-engineeringdetection-rulessiemsoar

gapsc-us/labcomdig

Files for the lab of Digital Communications at the University of Seville.

Jupyter Notebook31Updated 4 months ago

communicationsdetection-rulespythonqam-demodulationqam-modulationstatistics

vastlimits/uberAgent-config

uberAgent configuration: UXM settings & ESA rules + checks

PowerShell32Updated 3 months ago

detection-rulesendpoint-monitoringendpoint-security

sankyhack/Kubernetes-Detection-Engineering

This repo, focuses on detection engineering for Kubernetes Cluster. Sysdig Falco is used to create rules.

20Updated 1 week ago

cloud-nativedetection-engineeringdetection-rulesfalco-ruleskuberneteskubernetes-securitymitreruntime-securitysiem-rulesthreat-detection

colvert-project/colvert

Manage your detection use cases portfolio

Python20Updated 2 months ago

bootstrap5certcolvertcsirtcsirt-activitiescsirt-toolingdetection-rulesdetection-use-casesdjangodjango-applicationdjango-projectmanagementmitre-attackpythonpython3siemsiem-toolssigmasigma-rulessoc

muchdogesec/awesome_detection_rules

A curated list of Awesome Detection Rules

21Updated 5 months ago

detection-engineeringdetection-rulesinfosecsiemthreat-intelthreat-intelligencexdr

garnet-org/jibril-recipes

Jibril public security detection recipes.

20Updated 1 month ago

cnappcwppdetection-rulesedrsecurity

deXwn/DFIR_Log_Parser

Fast DFIR toolkit built for high-volume EVTX and log analysis, delivering rapid parsing, detection-driven triage, timeline reconstruction, and case-ready reporting.

Rust10Updated 1 day ago

detectiondetection-rulesdfirevtxevtx-analisysparserparsingrust-parser

michaelelizarov/lotl-detection-poc

POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.

Python10Updated 2 months ago

cybersecuritydetection-ruleslolbinslotlmitre-attackn8nsiemsoarsplunksysmonthreat-detection

jaamaal/detection-lab

This detection engineering repo is for the Detection as Code CI/CD pipeline

Python10Updated 4 days ago