Living off the False Positive!

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Open Source Security Events Metadata (OSSEM)

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Rules generated from our investigations.

Sigma rules from Joe Security

Production-ready detection & response queries for osquery

Collection of example YARA-L rules for use within Google Security Operations

Collection of KQL queries

Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.

OCSF Schema

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations se…

Repository of Yara Rules

Detect Tactics, Techniques & Combat Threats

Security ML models encoded as Yara rules

Repository of YARA rules made by Trellix ATR Team

Anvilogic Forge

A curated list of threat detection rule repositories and sharing communities.

Snowflake Usage Anomaly Detection & Alerting System

A rewrite of YARA in Rust.

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…

Code written as part of our various malware investigations

✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective…

A high-performance observability data pipeline.

Wazuh - Docker containers

Sigma Rules written by BushidoUK

A security tool to detect malicious Go packages by verifying checksums in go.sum against the original source code

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.