Skip to content
/ reversinglabs-siem-rules Public

A collection of various SIEM rules relating to malware family groups.

License

MIT license
62 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reversinglabs/reversinglabs-siem-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
Malware
Malware
 
 
Ransomware
Ransomware
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

reversinglabs-siem-rules

This repository contains SIEM rules to aid in detecting the tactics, techniques, and procedures (TTPs) used by various threat actors.

Want to stay in the loop? Subscribe to be notified for new Microsoft Sentinel content from ReversingLabs: https://www.reversinglabs.com/threat-intel-weekly-newsletter-sign-up

Categories

Ransomware

Malware

Contents

Each group will have the following subdirectories containing detection rules and other useful resources:

Sigma

This folder contains Sigma rules that can be used to detect threat actor TTPs.

KQL

This folder contains KQL queries that can be used to identify threat actor TTPs in Microsoft Sentinel and Microsoft Defender for Endpoint. Use these queries to hunt for threats, or create analytic rules to generate alerts and incidents.

YARA

This optional folder contains related YARA rules that can be used to identify malware.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A collection of various SIEM rules relating to malware family groups.

Topics

infosec siem detection-engineering microsoft-sentinel

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

62 stars

Watchers

5 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages