Marble - the real-time decision engine for fraud and AML
Updated Aug 22, 2025 - HCL
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the community, and write detections-as-code.
The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments.
Hunting Queries for Defender ATP
Sigma detection rules for hunting with the threathunting-keywords project
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)
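The filter check described above works on a simple idea: a `filter_*` selection that excludes attacker-chosen values, a bare filename, a short substring or a user-writable directory is a whitelist the attacker can walk into. The following is an added example of such a check written for this page; it is not code from the SigmaHQ project or from the checker listed above. Both rules it inspects are constructed, the detection block is handled as a parsed dict (so the YAML loading step is left out), and the heuristics and thresholds (`ATTACKER_CONTROLLED`, `USER_WRITABLE`, `MIN_CONTAINS_LEN`) are assumptions made for illustration rather than anything the Sigma specification defines.

```python
"""Heuristic check for easy-to-bypass filters (whitelists) in Sigma rules.

Added example, not code from the SigmaHQ project or the checker listed above.
The two rules below are constructed; the heuristics encode common reasons a
filter is bypassable (attacker-controlled fields, filename-only matches,
short substrings, user-writable directories) and are not a Sigma standard.
"""

# Process-creation fields whose values the attacker chooses when launching a
# binary or editing its PE version info; a filter keyed on them is attacker-satisfiable.
ATTACKER_CONTROLLED = {"CommandLine", "ParentCommandLine", "OriginalFileName",
                       "Description", "Product", "Company"}
# Directories any user can write to; excluding them whitelists attacker-dropped binaries.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\", "\\public\\")
MIN_CONTAINS_LEN = 12  # assumed threshold: shorter 'contains' values are trivial to embed


def split_field(key):
    """'Image|endswith' -> ('Image', ['endswith']); plain 'Image' -> ('Image', [])."""
    name, *mods = key.split("|")
    return name, mods


def check_filter_value(field, mods, value):
    """Return findings for one field/value pair taken from a filter selection."""
    findings = []
    v = str(value)
    core = v.strip("*")      # the literal part once wildcards are removed
    low = v.lower()
    if field in ATTACKER_CONTROLLED:
        findings.append(f"{field} is attacker-controlled; filter '{v}' can be satisfied on purpose")
    if "contains" in mods and len(core) < MIN_CONTAINS_LEN:
        findings.append(f"{field}|contains '{v}': short substring is trivial to embed")
    if "endswith" in mods and field in ("Image", "ParentImage") and core.count("\\") <= 1:
        findings.append(f"{field}|endswith '{v}': filename-only match, bypassed by renaming the binary")
    if any(d in low for d in USER_WRITABLE):
        findings.append(f"{field} '{v}': excludes a user-writable directory")
    return findings


def check_rule(rule):
    """Walk every filter_* selection in the detection block and collect findings."""
    findings = []
    for sel_name, sel in rule.get("detection", {}).items():
        if not sel_name.startswith("filter"):
            continue                                   # selections and 'condition' are not filters
        blocks = sel if isinstance(sel, list) else [sel]
        for block in blocks:
            if not isinstance(block, dict):
                continue
            for key, value in block.items():
                field, mods = split_field(key)
                values = value if isinstance(value, list) else [value]
                for v in values:
                    findings.extend(f"{sel_name}: {f}" for f in check_filter_value(field, mods, v))
    return findings


# Constructed rule with three weak filters (not a real SigmaHQ rule).
WEAK_RULE = {
    "title": "Rundll32 without arguments (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\rundll32.exe", "CommandLine|endswith": "rundll32.exe"},
        "filter_teams": {"ParentImage|endswith": "\\Teams.exe"},          # rename your binary
        "filter_msi": {"CommandLine|contains": "msiexec"},                 # just add the word
        "filter_temp": {"ParentImage|contains": "\\AppData\\Local\\Temp\\"},  # drop the parent there
        "condition": "selection and not 1 of filter_*",
    },
}

# Same detection, but the filter pins a full path on a field the attacker does not type.
STRONG_RULE = {
    "title": "Rundll32 without arguments (constructed, robust filter)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\rundll32.exe", "CommandLine|endswith": "rundll32.exe"},
        "filter_services": {"ParentImage": "C:\\Windows\\System32\\services.exe"},
        "condition": "selection and not filter_services",
    },
}

if __name__ == "__main__":
    for name, rule in (("WEAK_RULE", WEAK_RULE), ("STRONG_RULE", STRONG_RULE)):
        print(name, "->", check_rule(rule) or "no weak filters found")
```

Run on the constructed rules, the weak one yields four findings (two of them for `filter_msi`, which is both attacker-controlled and a short substring) and the robust one yields none. A check like this is a triage aid, not a verdict: a full-path `ParentImage` filter still does not defend against parent-PID spoofing, so the findings list is where a reviewer's judgement starts.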
Docker Container for Elastic Detection CLI
A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.
uberAgent configuration: UXM settings & ESA rules + checks
Wahy (or "revelation") - Public collection of Jibril Runtime Security detection recipes.
An API that takes a txt file containing threat intelligence and turns it into a detection rule.
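Both the command line tool and the API above describe the same transformation: a text file of indicators becomes a detection rule. The block below is an added example of that pipeline written for this page, not the code of either repository. The sample feed is constructed (the hash is the well-known SHA-256 of the empty string, used only as a syntactically valid placeholder), and the mapping from indicator type to Sigma logsource and field (`IOC_TARGETS`, using Sysmon-style field names) is an assumption made for illustration; Sigma allows one logsource per rule, so the indicators are grouped into one rule per category.

```python
"""Turn a plain-text threat-intel file (one indicator per line) into Sigma rules.

Added example, not the code of either repository listed above. The sample
feed below is constructed, and the mapping from indicator type to Sigma
logsource/field (Sysmon-style names) is an assumption made for illustration.
"""
import json
import re
import uuid

# Order matters: hash patterns first so a hex string is never read as a domain.
IOC_PATTERNS = [
    ("sha256", re.compile(r"^[0-9a-f]{64}$")),
    ("md5", re.compile(r"^[0-9a-f]{32}$")),
    ("ipv4", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("domain", re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")),
]

# Assumed mapping: indicator type -> (Sigma logsource category, field, value prefix).
# Sigma rules carry one logsource each, so indicators are grouped by category.
IOC_TARGETS = {
    "sha256": ("process_creation", "Hashes|contains", "SHA256="),
    "md5": ("process_creation", "Hashes|contains", "MD5="),
    "ipv4": ("network_connection", "DestinationIp", ""),
    "domain": ("dns_query", "QueryName|endswith", ""),
}


def refang(line):
    """Normalise one feed line: lowercase, undo defanging, keep only the host part."""
    s = line.strip().lower().replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")
    s = re.sub(r"^https?://", "", s)
    s = s.split("/")[0]        # drop any URL path
    return s.split(":")[0]     # drop any port (IPv6 is out of scope here)


def classify(ioc):
    """Return the indicator type, or None if no pattern matches."""
    for kind, pattern in IOC_PATTERNS:
        if pattern.match(ioc):
            return kind
    return None


def parse_intel(text):
    """Parse the feed; return ({type: sorted unique indicators}, [unrecognised lines])."""
    found, unknown = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        ioc = refang(raw)
        kind = classify(ioc)
        if kind is None:
            unknown.append(raw.strip())   # surfaced to the analyst, never silently dropped
        else:
            found.setdefault(kind, set()).add(ioc)
    return {k: sorted(v) for k, v in found.items()}, unknown


def build_rules(iocs, title):
    """Build one Sigma rule dict per logsource category, with a deterministic id."""
    grouped = {}
    for kind, values in iocs.items():
        category, field, prefix = IOC_TARGETS[kind]
        grouped.setdefault(category, {}).setdefault(field, []).extend(prefix + v for v in values)
    rules = []
    for category in sorted(grouped):
        selection = grouped[category]
        # uuid5 over the content keeps the id stable across regenerations of the same feed
        fingerprint = category + ":" + json.dumps(selection, sort_keys=True)
        rules.append({
            "title": f"{title} ({category})",
            "id": str(uuid.uuid5(uuid.NAMESPACE_URL, fingerprint)),
            "status": "experimental",
            "description": "Indicator match generated from a text feed.",
            "logsource": {"category": category, "product": "windows"},
            "detection": {"selection": selection, "condition": "selection"},
            "falsepositives": ["Unknown"],
            "level": "high",
        })
    return rules


# Constructed sample feed: defanged URL, duplicate host in different casing,
# IP with a port, a placeholder hash and one junk line.
SAMPLE_INTEL = """\
# constructed sample feed, not real indicators
hxxp://malicious-update[.]example/payload.bin
MALICIOUS-UPDATE[.]EXAMPLE
198.51.100.23:443
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
not an indicator
"""

if __name__ == "__main__":
    iocs, unknown = parse_intel(SAMPLE_INTEL)
    for rule in build_rules(iocs, "Constructed feed"):
        print(json.dumps(rule, indent=2))   # JSON is valid YAML, so Sigma tooling can load it
    print("unrecognised lines:", unknown)
```

The details that matter in practice are the unglamorous ones: refanging and lowercasing before deduplication so the same host in two notations becomes one value, reporting unrecognised lines instead of dropping them, and deriving the rule `id` from the content so re-running the tool on the same feed does not create a new rule every time.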
Files for the lab of Digital Communications at the University of Seville.
Manage your detection use cases portfolio
A curated list of Awesome Detection Rules
Ashkaal (or "forms") - Public collection of Jibril Runtime Security used types.
A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follows the site's UI/UX design.