The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
-
Updated
Apr 25, 2022 - Python
#
detection-rules
Here are 9 public repositories matching this topic...
Sigma detection rules for hunting with the threathunting-keywords project
dfir threat-hunting siem blueteam detection-rules mitre-attack threat-detection threathunting detection-engineering sigma-rules forensicartifacts
-
Updated
Mar 2, 2025 - Python
-
Updated
Mar 5, 2026 - Python
Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)
-
Updated
Feb 1, 2021 - Python
A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.
-
Updated
Mar 19, 2026 - Python
An API that takes a txt file containing threat intelligence and turns it into a detection rule.
-
Updated
Mar 24, 2026 - Python
Manage your detection use cases portfolio
python django management django-application python3 cert csirt siem sigma soc django-project detection-rules mitre-attack csirt-activities bootstrap5 csirt-tooling sigma-rules siem-tools colvert detection-use-cases
-
Updated
Mar 21, 2025 - Python
POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.
splunk cybersecurity sysmon siem soar detection-rules mitre-attack threat-detection lolbins n8n lotl
-
Updated
Dec 2, 2025 - Python
This detection engineering repo is for the Detection as Code CI/CD pipeline
security automation ai pipeline detection cybersecurity infosec siem cicd soc devsecops ai-agents detection-rules cicd-pr-validation detection-as-code aidetection detectionengineering securityoperationscenter aisiem
-
Updated
Mar 6, 2026 - Python
Improve this page
Add a description, image, and links to the detection-rules topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the detection-rules topic, visit your repo's landing page and select "manage topics."