Topic: "detection-engineering"
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
Language: HTML - Size: 6.05 MB - Last synced at: 4 months ago - Pushed at: over 2 years ago - Stars: 2,322 - Forks: 413

DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Language: Go - Size: 3.8 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 2,043 - Forks: 246

mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Language: Python - Size: 367 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 1,897 - Forks: 223

matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Language: Rust - Size: 11 MB - Last synced at: about 2 months ago - Pushed at: 7 months ago - Stars: 1,559 - Forks: 111

splunk/security_content
Splunk Security Content
Language: Python - Size: 291 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 1,458 - Forks: 410

BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gang uses
Size: 692 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 1,065 - Forks: 117

mthcht/awesome-lists
Awesome Security lists for SOC/CERT/CTI
Language: YARA - Size: 18.7 GB - Last synced at: about 12 hours ago - Pushed at: about 12 hours ago - Stars: 1,050 - Forks: 135

infosecB/awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Size: 130 KB - Last synced at: 13 days ago - Pushed at: 26 days ago - Stars: 1,011 - Forks: 92

mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
Language: Go - Size: 655 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 965 - Forks: 86

mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Language: C# - Size: 859 KB - Last synced at: 15 days ago - Pushed at: 7 months ago - Stars: 813 - Forks: 111

Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Language: Jupyter Notebook - Size: 407 KB - Last synced at: about 2 months ago - Pushed at: 4 months ago - Stars: 731 - Forks: 105

runreveal/pql
Pipelined Query Language
Language: Go - Size: 215 KB - Last synced at: 4 months ago - Pushed at: 7 months ago - Stars: 649 - Forks: 25

mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
Language: PowerShell - Size: 209 MB - Last synced at: 12 days ago - Pushed at: 23 days ago - Stars: 585 - Forks: 70

sbousseaden/Slides
Misc Threat Hunting Resources
Size: 13.6 MB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 359 - Forks: 61

nianticlabs/venator
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Language: Go - Size: 356 KB - Last synced at: 8 months ago - Pushed at: 10 months ago - Stars: 353 - Forks: 19

DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
Language: Go - Size: 382 KB - Last synced at: 5 days ago - Pushed at: 3 months ago - Stars: 331 - Forks: 24

DataDog/grimoire
Generate datasets of cloud audit logs for common attacks
Language: Go - Size: 1.11 MB - Last synced at: 8 days ago - Pushed at: 12 months ago - Stars: 216 - Forks: 20

lolc2/lolc2.github.io
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
Language: HTML - Size: 37.5 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 209 - Forks: 18

mthcht/Purpleteam
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Language: PowerShell - Size: 39.5 MB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 185 - Forks: 20

nasbench/SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
Size: 13.7 KB - Last synced at: 5 days ago - Pushed at: over 2 years ago - Stars: 179 - Forks: 13

0xrawsec/gene
Signature engine for all your logs
Language: Go - Size: 5.64 MB - Last synced at: about 1 month ago - Pushed at: over 1 year ago - Stars: 170 - Forks: 19

3CORESec/SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
Language: Python - Size: 1.01 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 149 - Forks: 23

lawndoc/AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
Size: 327 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 124 - Forks: 17

mthcht/ThreatHunting-Keywords-yara-rules
yara detection rules for hunting with the threathunting-keywords project
Language: YARA - Size: 86.4 MB - Last synced at: 12 days ago - Pushed at: 3 months ago - Stars: 124 - Forks: 18

rfackroyd/detection-engineering-starter-pack
A starter pack of resources to help you get started in Detection Engineering.
Size: 18.6 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 110 - Forks: 16

mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
Language: Python - Size: 50.8 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 108 - Forks: 31

st0pp3r/awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
Language: HTML - Size: 512 KB - Last synced at: 6 days ago - Pushed at: 14 days ago - Stars: 104 - Forks: 14

anvilogic-forge/armory
Anvilogic Forge
Size: 2.33 MB - Last synced at: 22 days ago - Pushed at: 23 days ago - Stars: 104 - Forks: 7

ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Language: JavaScript - Size: 2.78 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 91 - Forks: 20

bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
Language: Go - Size: 357 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 89 - Forks: 18

AttackIQ/SigmAIQ
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Language: Python - Size: 1.49 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 81 - Forks: 12

0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
Size: 349 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 81 - Forks: 8

adrianlois/DFIR-Detection-Engineering
Digital Forensics Incident Response and Detection engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors to evade protection and monitoring systems.
Size: 1.29 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 80 - Forks: 12

AlbinoGazelle/esxi-testing-toolkit
🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.
Language: Python - Size: 13 MB - Last synced at: about 1 month ago - Pushed at: 3 months ago - Stars: 76 - Forks: 10

krdmnbrk/AttackRuleMap
Mapping of open-source detection rules and atomic tests.
Size: 1.65 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 72 - Forks: 7

mannyfred/MentalTi
Mentally ill EtwTi parser
Language: C++ - Size: 248 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 63 - Forks: 3

reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
Language: YARA - Size: 164 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 59 - Forks: 6

infosecB/detection-as-code
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
Language: Python - Size: 33.2 KB - Last synced at: 3 months ago - Pushed at: over 3 years ago - Stars: 55 - Forks: 14

mthcht/ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
Language: Python - Size: 176 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 54 - Forks: 7

3CORESec/Automata
Automatic detection engineering technical state compliance
Language: Python - Size: 3.24 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 48 - Forks: 11

west-wind/Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
Size: 53.7 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 48 - Forks: 6

M3NIX/sigmaio 📦
simple webapp for converting sigma rules into siem queries using the pySigma library
Language: HTML - Size: 53.7 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 43 - Forks: 3

center-for-threat-informed-defense/summiting-the-pyramid
Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.
Language: Makefile - Size: 22 MB - Last synced at: about 2 months ago - Pushed at: 2 months ago - Stars: 41 - Forks: 3

certeu/droid
A pySigma wrapper to manage detection rules.
Language: Python - Size: 259 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 40 - Forks: 4

nasbench/Eventlog_Compendium
The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
Language: Python - Size: 149 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 37 - Forks: 3

krdmnbrk/atomicgen.io
A simple tool designed to create Atomic Red Team tests with ease.
Language: JavaScript - Size: 722 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 37 - Forks: 4

LogCraftIO/logcraft-cli
Detection-as-Code CI/CD pipeline for modern security operations (SIEM, EDR, XDR, ...)
Language: Rust - Size: 592 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 21 - Forks: 1

center-for-threat-informed-defense/m3tid
The Measure, Maximize, and Mature Threat-Informed Defense (M3TID) project defines what Threat-Informed Defense (TID) is and the key activities associated with its practice.
Language: Makefile - Size: 5.69 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 16 - Forks: 3

Digital-Defense-Institute/lc-detectionforge
A specialized environment for crafting, validating, and testing LimaCharlie detection rules
Language: Vue - Size: 493 KB - Last synced at: 1 day ago - Pushed at: 5 days ago - Stars: 14 - Forks: 2

BenjiTrapp/aws-threat-hunting
Short deep dive into Threat Hunting on AWS
Language: Jupyter Notebook - Size: 234 MB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 13 - Forks: 2

panther-labs/pypanther-starter-kit
A Python-native Detection as Code Framework
Language: Python - Size: 312 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 12 - Forks: 6

panther-labs/pypanther
A Pythonic Detection Rules Framework
Language: Python - Size: 3.2 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 11 - Forks: 2

TracecatHQ/hunts
🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
Language: Jupyter Notebook - Size: 69.3 KB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 11 - Forks: 1

erickatwork/threat-detection-engineering-reference
Resource for all things threat detection
Size: 3.98 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 9 - Forks: 0

H3llKa1ser/SOC-Assistant-Guide
A Security Operations playbook to assist blue teamers from day-to-day tasks to Digital Forensics and Incident Response (DFIR) activities.
Size: 182 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 9 - Forks: 2

deadbits/trs
🔭 Threat report analysis via LLM and Vector DB
Language: Python - Size: 1.29 MB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 9 - Forks: 1

qasimqlf/StepbyStep_CyberSecurity
A Step by Step Guide for Cyber Security Beginners to Jump into the right path
Size: 41.1 MB - Last synced at: 6 months ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 11

oliviagallucci/og-apple-security
my notes on Apple security 💻🍏
Language: Objective-C - Size: 41.8 MB - Last synced at: about 10 hours ago - Pushed at: about 13 hours ago - Stars: 7 - Forks: 0

muchdogesec/txt2detection
A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.
Language: Python - Size: 380 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 7 - Forks: 1

jacobstickney/ThreatActorProcedures-MITRE-ATTACK
A collection of specific commands used by threat actors, detailing their procedural implementations of tactics and techniques from the MITRE ATT&CK framework.
Size: 126 KB - Last synced at: 3 months ago - Pushed at: 6 months ago - Stars: 7 - Forks: 2

MrM8BRH/Defensive-Security-Hub
A curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts.
Size: 3.85 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 6 - Forks: 1

circulatedev/circulate
The Open Source Threat Intelligence Knowledge Graph for identifying and correlating TTPs, IOCs, and insights relevant to your organization.
Language: HCL - Size: 2.1 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 6 - Forks: 1

CodeByHarri/Sigma2KQL
Sigma Queries turned into KQL for Defender using pysigma
Size: 753 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 5 - Forks: 2

JakePeralta7/CyberSecurity
Research, Rules, Books, Tools and more basic stuff you can get anywhere
Language: Python - Size: 439 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 5 - Forks: 0

crazyeights225/WinEventLogExplorer
Capture all events across all logs produced during the running of a particular exploit/script. Search and filter events
Language: PowerShell - Size: 1.26 MB - Last synced at: almost 2 years ago - Pushed at: almost 4 years ago - Stars: 5 - Forks: 0

Arizona-Cyber-Threat-Response-Alliance/rmm-detection
A repository for tools and resources for detecting and managing RMM in enterprise environments.
Size: 640 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 4 - Forks: 2

cyberphor/deathlab
My Detection Engineering and Threat Hunting (DEATH) Lab.
Language: HCL - Size: 229 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 4 - Forks: 0

databricks-industry-solutions/cybersecurity-ml-tutorials
Machine learning notebooks using cybersecurity data
Language: Python - Size: 43 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 4 - Forks: 0

infosecB/generate_attacknav_layer
A Python CLI utility for quickly converting a list or text file of MITRE ATT&CK technique IDs to a MITRE ATT&CK Navigator layer .JSON file.
Language: Python - Size: 33 MB - Last synced at: about 2 months ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 0

darkquasar/purplerepo
🛡️⚔️ Curated GitHub repos for Defensive & Offensive Cyber Tradecraft
Language: TypeScript - Size: 17.4 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 3 - Forks: 2

runreveal/runreveal-docs
The code powering RunReveal's documentation.
Language: MDX - Size: 28.1 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 3 - Forks: 3

whichbuffer/Threat-Detection-Rules
Threat Detection Repository - YARA / SIGMA rules
Language: YARA - Size: 104 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 3 - Forks: 0

2O0K/Sentinel-Rules
Updated Sigma2KQL script written by @CodeByHarri + Generating Analytics & Hunting Rules ready for Sentinel Deployment
Language: Python - Size: 6.79 MB - Last synced at: 2 months ago - Pushed at: 11 months ago - Stars: 2 - Forks: 0

LogCraftIO/logcraft-cli-plugins
Plugins for LogCraft CLI
Language: Rust - Size: 120 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 0

rgi-group/Cloud-DART
Cloud-DART is a comprehensive repository that provides Standard Operating Procedures (SOPs), Jupyter Notebooks, and code blocks for detection and response in cloud environments. This repository is designed to assist security professionals in automating and enhancing their cloud security posture.
Language: Python - Size: 1.15 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

Ben4FH/Adaz-Sentinel Fork of christophetd/Adaz
Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.
Language: HCL - Size: 4.16 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 2 - Forks: 0

3CORESec/dtio-kb
Technical resources and knowledge base for dtection.io
Language: Shell - Size: 22.8 MB - Last synced at: over 2 years ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 0

muchdogesec/siemrules
An API that takes a txt file containing threat intelligence and turns it into a detection rule.
Language: Python - Size: 473 KB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 1 - Forks: 1

penxpkj/Defensive-Security-Hub
Defensive Security Hub: a curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts. This repository aims to support your security efforts and enhance your skills. 🌐🔒
Size: 25.4 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 1 - Forks: 0

certeu/moriohub
No need to re-invent the observability wheel. What you need is perhaps already on Moriohub!
Language: JavaScript - Size: 150 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 2

pop-ecx/sigma-ls
A minimal language server to help in writing sigma rules
Language: Python - Size: 31.2 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

Aamir-Muhammad/CrowdStrike-Queries
CrowdStrike Falcon Advanced Threat Hunting Queries
Size: 35.2 KB - Last synced at: 25 days ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

infosecB/Rulehound
An index of publicly available and open-source threat detection rulesets.
Size: 286 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

muchdogesec/awesome_detection_rules
A curated list of Awesome Detection Rules
Size: 5.86 KB - Last synced at: 8 days ago - Pushed at: 8 months ago - Stars: 1 - Forks: 1

lukejjh/MicrosoftSentinel
An assortment of resources pertaining to Defender XDR and Microsoft Sentinel, such as KQL hunting queries and workbooks.
Size: 3.02 MB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 1 - Forks: 0

fish-not-phish/cb-inspector
De-facto parent tenant for Carbon Black Enterprise EDR
Language: Python - Size: 72.3 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

TTLNinja/madlibs
DNS sourced Mad Lib Game
Language: HTML - Size: 179 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

integrateddefense/lab_infra
Infrastructure as Code for the home lab
Size: 258 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

ndr-repo/awesome-threat-hunting
Size: 45.9 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 0 - Forks: 0

Chintan2604/forensic
All-in-one Docker container for digital investigation, including preinstalled tools for forensic analysis of disks, memory, malware, and mobile devices.
Language: Dockerfile - Size: 11.7 KB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 0 - Forks: 0

Gamlive11/og-apple-security
Explore notes on Apple security, focusing on macOS detection engineering and threat hunting. Enhance your skills with resources and practical insights. 🐙🍏
Size: 1.95 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 0 - Forks: 0

Guilh6924/grimoire
Create professional EPUBs effortlessly with Grimoire. Perfect for authors, bloggers, and educators. Start writing today! 🚀📚
Language: JavaScript - Size: 117 KB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 0 - Forks: 0

texasbe2trill/sigma-linux-backend
A lightweight, standalone implementation for Sigma rule evaluation when the full pySigma backend ecosystem isn't available or when you need a simple, dependency-light solution.
Language: Python - Size: 46.9 KB - Last synced at: 7 days ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

wai-htet/Threat-Detection-Pipeline
A modular, containerized cybersecurity pipeline that simulates real-time threat detection, centralized logging (SIEM), and automated incident response (SOAR). Built for scalability, automation, and real-world detection engineering.
Language: Python - Size: 3.91 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

mf1d3l/HayabusaToWinEventLog
Hayabusa to the SIEM made easy
Language: PowerShell - Size: 531 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

rhejos/soc-detection-lab
Detection engineering lab using Splunk, Sigma, and Windows logs — mapped to MITRE ATT&CK
Size: 1.95 KB - Last synced at: 2 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

armandoariasinfosec/splunk-brute-force-detection-lab
Detect and alert brute-force RDP attacks using Splunk, Windows logs, and a simulated Kali Linux attacker. Home lab project.
Size: 7.81 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

Samriddhi5/incident-response-playbooks
Incident response playbooks and templates for real-world security scenarios
Size: 0 Bytes - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

SpoofIMEI/LiteCanary
Self hostable canary alerts
Language: Go - Size: 46.9 KB - Last synced at: about 2 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

xpinux/Project-SABER
Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)
Size: 58.6 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0
