{"id":13599044,"url":"https://github.com/jatrost/awesome-detection-rules","last_synced_at":"2026-01-27T01:32:43.230Z","repository":{"id":143546309,"uuid":"613019121","full_name":"jatrost/awesome-detection-rules","owner":"jatrost","description":"This is a collection of threat detection rules / rules engines that I have come across.","archived":false,"fork":false,"pushed_at":"2024-05-05T16:01:25.000Z","size":37,"stargazers_count":299,"open_issues_count":0,"forks_count":20,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-11-01T14:02:51.390Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jatrost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-12T16:54:50.000Z","updated_at":"2025-10-29T12:18:16.000Z","dependencies_parsed_at":"2023-09-22T00:10:10.814Z","dependency_job_id":"c51a8be8-f91d-48f1-be9f-dff839352ea1","html_url":"https://github.com/jatrost/awesome-detection-rules","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jatrost/awesome-detection-rules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jatrost%2Fawesome-detection-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jatrost%2Fawesome-detection-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jatrost%2Fawesome-detection-rules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jatrost%2Fawesome-detection-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jatrost","download_url":"https://codeload.github.com/jatrost/awesome-detection-rules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jatrost%2Fawesome-detection-rules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28795468,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T01:07:07.743Z","status":"ssl_error","status_checked_at":"2026-01-27T01:07:06.974Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T17:00:59.210Z","updated_at":"2026-01-27T01:32:43.210Z","avatar_url":"https://github.com/jatrost.png","language":null,"funding_links":[],"categories":["Others","Other Lists"],"sub_categories":["Detection Resources","📡 Detection Resources"],"readme":"# awesome-detection-rules\n\nThis is a collection of threat detection rules / rules engines that I have come across.\n\n# Yara\n\n* https://github.com/advanced-threat-research/Yara-Rules/\n* https://github.com/airbnb/binaryalert/tree/master/rules/public\n* https://github.com/avast/ioc\n* https://github.com/chronicle/GCTI\n* https://github.com/deadbits/yara-rules/\n* https://github.com/delivr-to/detections/tree/main/yara-rules\n* https://github.com/dr4k0nia/yara-rules\n* https://github.com/elastic/protections-artifacts/tree/main/yara/rules\n* https://github.com/elceef/yara-rulz\n* https://github.com/embee-research/Yara-detection-rules/\n* https://github.com/eset/malware-ioc\n* https://github.com/fboldewin/YARA-rules/\n* https://github.com/JPCERTCC/MalConfScan/tree/master/yara\n* https://github.com/kevoreilly/CAPEv2/tree/master/data/yara\n* https://github.com/malpedia/signator-rules/\n* https://github.com/mandiant/red_team_tool_countermeasures/\n* https://github.com/mikesxrs/Open-Source-YARA-rules\n* https://github.com/mthcht/ThreatHunting-Keywords-yara-rules\n* https://github.com/Neo23x0/god-mode-rules/\n* https://github.com/Neo23x0/signature-base \n* https://github.com/pmelson/yara_rules\n* https://github.com/reversinglabs/reversinglabs-yara-rules/\n* https://github.com/RussianPanda95/Yara-Rules\n* https://github.com/sbousseaden/YaraHunts/\n* https://github.com/SIFalcon/Detection\n* https://github.com/stairwell-inc/threat-research\n* https://github.com/StrangerealIntel/DailyIOC\n* https://github.com/telekom-security/malware_analysis/\n* https://github.com/volexity/threat-intel\n* https://github.com/Yara-Rules/rules\n* https://github.com/YARAHQ/yara-forge/releases\n* https://github.com/roadwy/DefenderYara/\n\n# Sigma\n\n* https://github.com/anil-yelken/sigma-rules\n* https://github.com/center-for-threat-informed-defense/cloud-analytics/tree/main/analytics\n* https://github.com/delivr-to/detections/tree/main/sigma-rules\n* https://github.com/joesecurity/sigma-rules\n* https://github.com/magicsword-io/LOLDrivers/tree/main/detections/sigma\n* https://github.com/mbabinski/Sigma-Rules\n* https://github.com/mdecrevoisier/SIGMA-detection-rules\n* https://github.com/mthcht/ThreatHunting-Keywords-sigma-rules\n* https://github.com/P4T12ICK/Sigma-Rule-Repository\n* https://github.com/SigmaHQ/sigma/tree/master/rules\n* https://github.com/The-DFIR-Report/Sigma-Rules\n* https://github.com/tsale/Sigma_rules\n\n# Falco\n\n* https://github.com/CloudDefenseAI/falco_extended_rules\n* https://github.com/falcosecurity/rules\n* https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml\n\n# Zeek\n\n* https://github.com/zeek/zeek/tree/master/scripts/policy\n\n# Snort / Suricata\n\n* https://github.com/nsacyber/ELITEWOLF\n* https://rules.emergingthreatspro.com/open/\n* https://www.snort.org/downloads/#rule-downloads\n\n# Splunk\n\n* https://github.com/mthcht/ThreatHunting-Keywords\n* https://github.com/splunk/security_content\n* https://research.splunk.com/detections/ \n* https://research.splunk.com/stories/\n* https://github.com/anvilogic-forge/armory\n\n# Sublime / MQL\n\n* https://github.com/delivr-to/detections/tree/main/sublime-rules\n* https://github.com/sublime-security/sublime-rules/\n* https://github.com/vector-sec/public-sublime-rules\n\n# KQL\n\n* https://github.com/0xAnalyst/DefenderATPQueries\n* https://github.com/Azure/Azure-Sentinel\n* https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules\n* https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection\n* https://github.com/reprise99/Sentinel-Queries\n* https://www.kqlsearch.com/\n\n# Nuclei\n\n* https://github.com/projectdiscovery/nuclei-templates/\n* https://github.com/UnaPibaGeek/honeypots-detection\n\n# Other\n\n* https://docs.velociraptor.app/exchange/\n* https://github.com/0x534a/dynmx-signatures ([dynmx](https://github.com/0x534a/dynmx))\n* https://github.com/ahmedkhlief/APT-Hunter\n* https://github.com/Algbra-Labs-OSS/Chronicle\n* https://github.com/aquasecurity/tracee/tree/main/signatures\n* https://github.com/chronicle/detection-rules/\n* https://github.com/elastic/detection-rules\n* https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)\n* https://github.com/elastic/protections-artifacts/tree/main/behavior/rules\n* https://github.com/GoogleCloudPlatform/security-analytics\n* https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt - exploit kit regexes \n* https://github.com/mgreen27/DetectRaptor\n* https://github.com/mthcht/awesome-lists\n* https://github.com/panther-labs/panther-analysis/tree/master/rules\n* https://github.com/phish-report/IOK/tree/main/indicators - phishing kit signatures\n* https://github.com/quadrantsec/sagan-rules\n* https://github.com/rabbitstack/fibratus/tree/master/rules\n* https://github.com/referefref/honeydet/blob/main/signatures.yaml - honeypot detection signatures\n* https://github.com/wazuh/wazuh/tree/master/ruleset\n* https://github.com/Yamato-Security/hayabusa\n* https://github.com/Yamato-Security/hayabusa-rules\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjatrost%2Fawesome-detection-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjatrost%2Fawesome-detection-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjatrost%2Fawesome-detection-rules/lists"}