✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
Updated Feb 20, 2024
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
Proactive, open-source API security: API discovery, testing in CI/CD, a test library with 150+ tests, custom tests, and sensitive data exposure detection.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
A repository of threat hunting and detection queries for Microsoft Defender for Endpoint and Microsoft Sentinel, written in KQL (Kusto Query Language).
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
A per-event data source assessment that shows potential detection coverage of the MITRE ATT&CK framework.
Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel and Microsoft Defender XDR (formerly Microsoft 365 Defender).
A toolkit for Security Researchers
A pretrained BERT model for cybersecurity text that has learned cybersecurity domain knowledge.
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
Detect-X: automated threat detection by AI
Threat-hunting tool for Linux
Bypass 403
SyntheticSun is a defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats.
An example of how to deploy a Detection-as-Code pipeline using Sigma rules, sigmac, GitLab CI, and Splunk.
Threat Detection & Anomaly Detection rules for popular open-source components
Threat intelligence and threat detection indicators (IOC, IOA)
Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
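Several of the projects above (the Detection Engineering definition, Threatest's rule testing, and the Sigma/sigmac Detection-as-Code pipeline) share one idea: a detection rule is code, so it should be evaluated and tested before it reaches the SIEM. The block below is an added example written for this page; it is not code from any of the listed repositories. It embeds a Sigma-style rule as a Python dict that mirrors Sigma's YAML layout (title, logsource, detection with named selections and a condition) so it runs without PyYAML, evaluates the rule over constructed Sysmon-like process-creation events, and runs a Threatest-style self-test that asserts the rule fires on the positives and on none of the negatives. The field names follow Sysmon Event ID 1; the `sccm_client.exe` allow-listed parent and all event values are assumptions made up for the example.

```python
"""Detection-as-code harness: evaluate a Sigma-style rule over sample events
and self-test it for false positives/negatives before deploying it."""
import re
from typing import Any, Dict, List

# Constructed rule. Layout mirrors a Sigma YAML file; values are assumptions.
RULE: Dict[str, Any] = {
    "title": "Suspicious Encoded PowerShell Command",
    "level": "high",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains|all": ["-enc", "-nop"],  # every value must match
        },
        "filter": {
            # Hypothetical approved software-deployment parent (assumption).
            "ParentImage|endswith": "\\sccm_client.exe",
        },
        "condition": "selection and not filter",
    },
}


def _match_value(actual: Any, expected: Any, modifiers: List[str]) -> bool:
    """Compare one event value against one rule value, honouring Sigma modifiers.
    Sigma string matching is case-insensitive unless the 're' modifier is used."""
    if actual is None:
        return False
    if "re" in modifiers:
        return re.search(str(expected), str(actual)) is not None
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "endswith" in modifiers:
        return a.endswith(e)
    if "startswith" in modifiers:
        return a.startswith(e)
    return a == e


def _match_field(event: Dict[str, Any], key: str, expected: Any) -> bool:
    """'Field|mod1|mod2': list values are OR-ed unless the 'all' modifier is set."""
    field, *modifiers = key.split("|")
    values = expected if isinstance(expected, list) else [expected]
    hits = [_match_value(event.get(field), v, modifiers) for v in values]
    return all(hits) if "all" in modifiers else any(hits)


def match_selection(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """A Sigma selection map is an AND of all its field entries."""
    return all(_match_field(event, k, v) for k, v in selection.items())


def evaluate_condition(cond: str, named: Dict[str, bool]) -> bool:
    """Tiny recursive-descent evaluator for 'and' / 'or' / 'not' / parentheses.
    Deliberately not eval(): only identifiers present in `named` are accepted."""
    tokens = re.findall(r"\(|\)|\w+", cond)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        return tok

    def expr():  # expr := term ('or' term)*
        val = term()
        while peek() == "or":
            take()
            val = term() or val
        return val

    def term():  # term := factor ('and' factor)*
        val = factor()
        while peek() == "and":
            take()
            val = factor() and val
        return val

    def factor():  # factor := 'not' factor | '(' expr ')' | NAME
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            val = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return val
        if tok not in named:
            raise ValueError(f"unknown identifier in condition: {tok}")
        return named[tok]

    result = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True when the rule's condition holds for this event."""
    det = rule["detection"]
    named = {n: match_selection(event, s) for n, s in det.items() if n != "condition"}
    return evaluate_condition(det["condition"], named)


# Constructed sample events (not real telemetry): index 0 is the true positive.
EVENTS: List[Dict[str, Any]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -enc SQBFAFgA",
     "ParentImage": "C:\\Program Files\\SCCM\\sccm_client.exe"},  # allow-listed parent
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc -nop",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def run_rule(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[bool]:
    return [evaluate(rule, e) for e in events]


def self_test(rule, positives, negatives) -> Dict[str, int]:
    """Threatest-style gate: count misses on positives and fires on negatives."""
    return {"false_negatives": sum(not evaluate(rule, e) for e in positives),
            "false_positives": sum(evaluate(rule, e) for e in negatives)}


if __name__ == "__main__":
    print(run_rule(RULE, EVENTS))
    print(self_test(RULE, EVENTS[:1], EVENTS[1:]))
```

In a CI pipeline the `self_test` result is the merge gate: a non-zero count fails the job, and only rules that pass are handed to sigmac (or pySigma) for conversion into the target SIEM's query language. Note that the `filter` selection is where most silent coverage loss hides; keep an allow-listed-parent event in the negative set so a later edit that widens the filter is caught by the same test.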