detection-rules

Here are 60 public repositories matching this topic...

checkmarble / marble

Marble - the real time decision engine for fraud and AML

rule-engine risk realtime self-hosted compliance financial-services case-management sanctions aml fraud-detection fraud detection-rules rule-based nocode compliance-automation money-laundering

Updated Jun 18, 2026
HTML

sublime-security / sublime-platform

Star

A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the community, and write detections-as-code.

security phishing email-security security-tools detection-rules phishing-detection

Updated Jun 18, 2026
Shell

mandiant / thiri-notebook

Star

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

threat-hunting yara snort detection-rules

Updated Apr 25, 2022
Python

polaris64 / web_exploit_detector

Star

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

nodejs php wordpress cms security-audit web scanner exploits infection detection-rules wso-webshell suspicious-files

Updated Jul 18, 2017
JavaScript

0xAnalyst / DefenderATPQueries

Star

Hunting Queries for Defender ATP

microsoft sentinel threat-hunting detection-rules kql detection-engineering defender-atp

Updated Apr 1, 2026

mthcht / ThreatHunting-Keywords-sigma-rules

Sponsor

Star

Sigma detection rules for hunting with the threathunting-keywords project

dfir threat-hunting siem blueteam detection-rules mitre-attack threat-detection threathunting detection-engineering sigma-rules forensicartifacts

Updated Mar 2, 2025
Python

cylaris / awesomekql

Star

Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

azure detection siem detection-rules kql

Updated Jul 20, 2023

elastic / cortado

Star

elastic security-tools detection-rules rta

Updated Jun 23, 2026
Python

Karneades / SigmaFilterCheck

Star

Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)

detection sigma detection-rules

Updated Feb 1, 2021
Python

KaraZajac / SKELETONKEY

Star

Curated Linux LPE corpus — 28 modules from 2016 to 2026, with detection rules. One command, safest-first root: skeletonkey --auto --i-know

pentesting auditd cve sigma privilege-escalation blueteam linux-security detection-rules redteam exploit-development kernel-security

Updated Jun 8, 2026
C

LasCC / SentinelOne-Userscript

Star

A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follow the website UI / UX design interface.

userscript detection threat-hunting detection-rules threathunting detection-engineering sentinelone sentinelone-powerquery sentinelone-threat-hunting

Updated May 30, 2026

austinsonger / elastic-detection-cli

Star

Docker Container for Elastic Detection CLI

docker elasticsearch docker-compose docker-container docker-image detection docker-hub elastic detection-rules

Updated Jan 1, 2024
Dockerfile

muchdogesec / txt2detection

Star

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

siem detection-rules detection-engineering

Updated Jun 17, 2026
Python

dfirvault / Splunk-DFIR-Dashboards

Star

A collection of custom-built dashboards for threat hunting.

ioc splunk detection incident-response dfir cybersecurity siem malware-analysis threat-intelligence detection-rules plaso blue-team security-monitoring threathunting detection-engineering dfirvault

Updated Jan 21, 2026

ecop-th / detection-rules

Star

🛡️ Open-source Sigma rules, Sysmon config & IR playbooks for Thai/ASEAN SOC teams. Mapped to MITRE ATT&CK, tested, bilingual. By ECOP Thailand.

thailand dfir sigma soc detection-rules blue-team mitre-attack threat-detection sigma-rules

Updated Jun 23, 2026
Python

muchdogesec / siemrules

Star

An API that takes a txt file containing threat intelligence and turns it into a detection rule.

siem soar detection-rules detection-engineering

Updated Jun 17, 2026
Python

secwexen / security-playbooks

Star

Security Playbooks is a collection of MITRE ATT&CK-based attack scenarios, detection rules (Sigma, YARA, and Suricata), PoC scripts, and hands-on lab walkthroughs for cybersecuritys and SOC analysts.

python incident-response cybersecurity suricata threat-hunting siem malware-analysis yara-rules detection-rules blue-team mitre-attack defensive-security adversary-emulation threat-detection security-monitoring detection-engineering sigma-rules detection-validation

Updated Jun 23, 2026
YARA

colvert-project / colvert

Star

Manage your detection use cases portfolio

Updated Jun 2, 2026
Python

capture0x / ActiveDirectory-SAST

Sponsor

Star

Sigma-format SAST detection rules for Active Directory attack techniques — CLAUDE 94 rules across 14 categories, mapped to MITRE ATT&CK v14 | For blue teams, SOC analysts and purple team exercises

active-directory kerberos siem sigma sast detection-rules blue-team redteam mitre-attack purple-team windows-security activedirectory-audit activedirectorysecurity socanalyst

Updated May 22, 2026

vastlimits / uberAgent-config

Star

uberAgent configuration: UXM settings & ESA rules + checks

detection-rules endpoint-security endpoint-monitoring

Updated Jun 20, 2026
PowerShell

Improve this page

Add a description, image, and links to the detection-rules topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the detection-rules topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

detection-rules

Here are 60 public repositories matching this topic...

checkmarble / marble

sublime-security / sublime-platform

mandiant / thiri-notebook

polaris64 / web_exploit_detector

0xAnalyst / DefenderATPQueries

mthcht / ThreatHunting-Keywords-sigma-rules

cylaris / awesomekql

elastic / cortado

Karneades / SigmaFilterCheck

KaraZajac / SKELETONKEY

LasCC / SentinelOne-Userscript

austinsonger / elastic-detection-cli

muchdogesec / txt2detection

dfirvault / Splunk-DFIR-Dashboards

ecop-th / detection-rules

muchdogesec / siemrules

secwexen / security-playbooks

colvert-project / colvert

capture0x / ActiveDirectory-SAST

vastlimits / uberAgent-config

Improve this page

Add this topic to your repo