Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-detection-engineer
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log references, resources, labs, data manipulation online tools, blogs, newsletters, good reads, books, trainings, podcasts, videos and twitter/x accounts.
https://github.com/st0pp3r/awesome-detection-engineer
Last synced: 2 days ago
Uncategorized
- Microsoft Monitoring Active Directory
- OWASP Cheatsheet
- Microsoft Windows Audit Policy Recommendations
- Malware Archaeology Cheatsheets for Windows
- Auditd Logging Configuration | Neo23x0
- Sigma Rules - Huge collection of detection rules from SIGMA HQ.
- Splunk Rules - Splunk's detection rules.
- Elastic Rules - Elastic's detection rules (also in the Elastic Rules GitHub Repository: https://github.com/elastic/detection-rules/tree/main/rules).
- Elastic Security for Endpoint Rules - Elastic's Security for Endpoint detection rules.
- Sentinel Detections - Collection of KQL detection queries for Sentinel.
- FortiSIEM Rules - FortiSIEM's detection rules.
- LogPoint Rules - LogPoint's alert rules.
- Panther Detections - Collection of detection rules by Panther.
- Datadog Detections - Collection of detection rules by Datadog.
- Wazuh Ruleset - Wazuh ruleset repository.
- Sigma Rules | The DFIR Report - Collection of sigma rules.
- Sigma Rules | mdecrevoisier - Collection of sigma rules.
- Sigma Rules | Yamato Security - Collection of sigma rules.
- Sigma Rules | tsale - Collection of sigma rules.
- Sigma Rules | JoeSecurity - Collection of sigma rules.
- Sigma Rules Threat Hunting Keywords | mthcht - Collection of sigma rules.
- Sigma Rules | mbabinski - Collection of sigma rules.
- Sigma Rules | Inovasys-CS - Collection of sigma rules.
- KQL Queries | FalconForce - Collection of KQL queries.
- KQL Queries | SecurityAura - Collection of KQL queries.
- KQL Queries for Sentinel | reprise99 - Collection of KQL queries.
- KQL Queries | Cyb3r Monk - Collection of KQL queries.
- KQL Queries for DefenderATP | 0xAnalyst - Collection of KQL queries.
- KQL Queries | Bert-JanP - Collection of KQL queries.
- KQL Queries | SlimKQL - Collection of KQL queries.
- KQL Queries | cyb3rmik3 - Collection of KQL queries.
- KQL Search - Collection of KQL queries from various GitHub repositories.
- DetectionCode - Detection rules search engine.
- Attack Rule Map - Mapping of open-source detection rules.
- MITRE Cyber Analytics Repository (CAR) - The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics based on the MITRE ATT&CK framework.
- Google Cloud Platform (GCP) Community Security Analytics - Security analytics to monitor cloud activity within Google Cloud.
- Anvilogic Detection Armory - Public versions of the detections from the Anvilogic Platform Armory.
- Chronicle (GCP) Rules - Detection rules written for the Chronicle Platform.
- SOC Prime - Great collection of free and paid detection rules (requires registration).
- SnapAttack - Collection of free and paid detection rules (requires registration).
- Detecting the Elusive Active Directory Threat Hunting - BSides presentation that includes detection logic for Active Directory attacks.
- Antivirus Cheatsheet | Nextron Systems - Antivirus keywords and detection logic from Nextron.
- Awesome Lists | mthcht - Includes keywords and paths from various tools that can be used to implement detection logic.
- Active Directory Security (adsecurity.org) - Page dedicated to Active Directory security. Includes attack descriptions and detection recommendations.
- Active Directory Detection Logic | Picus - Handbook with Active Directory attack descriptions and detection recommendations.
- Offensive Kerberos Techniques for Detection Engineering | Noah
- EVTX Attack Samples - Event viewer attack samples.
- EVTX to MITRE Attack - IOCs in EVTX format.
- Security Datasets - Datasets of malicious and benign indicators, from different platforms.
- Mordor Dataset - Pre-recorded security events generated after simulating adversarial techniques.
- Attack Data | Splunk
- PCAP-ATTACK | sbousseaden - PCAP captures mapped to the relevant attack tactic.
- malware-traffic-analysis.net - Site for sharing packet capture (pcap) files and malware samples.
- NetreSec PCAPs - List of public packet capture repositories.
- APT Simulator - Windows batch script that uses a set of tools and output files to make a system look as if it was compromised.
- Infection Monkey - Open-source adversary emulation platform.
- Atomic Red Team | Red Canary - Tests mapped to the MITRE ATT&CK framework.
- rtt.secdude.de - Nice page that includes commands mapped to MITRE ATT&CK.
- Stratus Red Team | DataDog - Similar to Atomic Red Team, but for cloud.
- MalwLess Simulation Tool (MST) - Open source tool that allows you to simulate system compromise or attack behaviors without running processes.
- How to prioritize a Detection Backlog? | Alex Teixeira
- Prioritization of the Detection Engineering Backlog | Joshua Prager & Emily Leidy
- LOLBAS Project - Binaries, scripts, and libraries that can be used for Living Off The Land techniques. Includes commands that can be run to test TTPs.
- LOLOL Farm - A great collection of resources to thrive off the land. Includes commands that can be run to test TTPs.
- MITRE Caldera - Adversary emulation framework by MITRE.
- Pyramid of Pain
- Active Directory Attack Tests | Picus - Handbook with Active Directory attack tests.
- Network Flight Simulator - Lightweight utility used to generate malicious network traffic.
- Atomic and Stateful Detection Rules
- Detection-as-Code Testing
- Automating Security Detection Engineering: A hands-on guide to implementing Detection as Code
- Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
- TCM Security Detection Engineering for Beginners
- LetsDefend Detection Engineering Path
- SANS SEC555: Detection Engineering and SIEM Analytics
- SANS SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
- Detection Challenging Paradigms | SpecterOps - Discussing various topics on threat detection.
- Sysmon Configuration | Olaf Hartong
- Sysmon Configuration | SwiftOnSecurity
- KQL Query for Validating your Windows Audit Policy
- NGINX Configuring Access Log
- Windows Event IDs and Audit Policies
- Windows Security Log Event IDs Encyclopedia
- Sysmon Event IDs
- Cisco ASA Event IDs
- Palo Alto PAN-OS Log Fields
- Palo Alto PAN-OS Threat Categories
- Palo Alto PAN-OS Applications
- Apache Logging Configuration
- FortiGate FortiOS Log Types and Subtypes
- FortiGate FortiOS Log Fields
- FortiGate FortiGuard Encyclopedia
- Microsoft Defender Event IDs
- Microsoft Defender for Cloud Alert References
- Microsoft Defender for Identity Alert References
- Microsoft Defender XDR Schemas
- Microsoft DNS Debug Event IDs
- Azure SigninLogs Schema
- Azure SigninLogs Risk Detection
- AADSTS Error Codes
- GCP Threat Detection Findings
- GuardDuty Finding Types
- Detections.xyz - Collection of good detection engineering articles.
- Alex Teixeira on Medium - Frequently writes about detection engineering topics.
- Detection at Scale - Collection of good detection engineering articles.
- Detection Engineering Weekly - A newsletter with weekly detection-related online sources.
- Detections Digest - A newsletter with weekly updates on detection rules from GitHub repositories.
- Prioritizing Detection Engineering | Ryan McGeehan
- About Detection Engineering | Florian Roth
- Detection Development Lifecycle | Haider Dost
- Barracuda Firewall Log Files Structure and Log Fields
- Barracuda Web Security Gateway Log Fields
- Barracuda Web Application Firewall Log Format
- Check Point Firewall Log Fields
- Cisco Umbrella Proxy Log Format and Cisco Umbrella Content Categories (https://docs.umbrella.com/deployment-umbrella/docs/new-content-category-definitions)
- Cisco WSA Access Log Fields
- Cisco ESA Log Types
- Juniper Junos OS Log Fields
- Imperva Log Fields
- Squid Log Fields and Log Types
- Suricata Log Format
- ZScaler Web Log Format, ZScaler DNS Log Format (https://help.zscaler.com/zia/nss-feed-output-format-dns-logs) and ZScaler URL Categories (https://help.zscaler.com/zia/about-url-categories).
- Broadcom Edge Secure Web Gateway (Bluecoat) Access Log Format
- Broadcom Endpoint Protection Manager Log Format
- SonicWall SonicOS Log Events Documentation
- WatchGuard Fireware OS Log Format
- Sophos Firewall Log Documentation
- Sophos Central Admin Events
- Apache Custom Log Format
- IIS Log File Format
- NGINX Access Log Format
- MITRE ATT&CK® - MITRE ATT&CK knowledge base of adversary tactics and techniques.
- Zen of Security Rules | Justin Ibarra - 19 rules for developing detection rules.
- Uncoder IO - Detection logic query converter.
- MITRE D3fend - A knowledge base of cybersecurity countermeasures.
- Alerting and Detection Strategies (ADS) Framework | Palantir - A structured approach to designing and documenting effective detection methodologies.
- Detection Engineering Maturity Matrix | Kyle Bailey - Aims to help the community better measure the capabilities and maturity of their detection function.
- Detection Engineering Maturity (DML) Model | Ryan Stillions - A tool for assessing an organization's detection engineering capabilities and maturity levels.
- MaGMa Use Case Framework - Methodology for defining and managing threat detection use cases.
- Detection Engineering Cheatsheet | Florian Roth - Cheatsheet for prioritizing detection development.
- Microsoft Azure Security Control Mappings to MITRE ATT&CK - Mappings of various Azure security control products to MITRE ATT&CK.
- Detection Practices | ncsc - General guidelines on building detection processes.
- EDR Telemetry | tsale - Telemetry comparison and telemetry generator for different EDRs.
- Threat Intel Reports - Threat Intel reports to be used as inspiration for use case creation.
- xCyclopedia - The xCyclopedia project attempts to document all executable binaries (and eventually scripts) that reside on a typical operating system.
- Splunk Attack Range
- PurpleLab
- BlueTeam.Lab
- Regex101 - Regex testing.
- Detection LAB
- Constructing Defense
- Regexr - Regex testing.
- CyberChef - Multiple data manipulation tools, decoders, decryptors.
- JSON Formatter - JSON Beautifier.
- JSONCrack - JSON, YML, CSV, XML Editor.
- Grok Debugger - Text manipulation (Remove duplicates, prefix, suffix, word count etc.).
- Text Mechanic - Text manipulation (Remove duplicates, prefix, suffix, word count etc.).
- Text Fixer - Text manipulation (Remove duplicates, prefix, suffix, word count etc.).
- Hash Calculator - Hash calculator and other tools.
- Diff Checker - Diff comparison.
- CSVJSON - CSV to JSON converter and vice versa.
- ChatGPT - Can be used to transform data.
- Free Formatter - Formatter for XML, JSON, HTML.
- HTML Formatter - Formatter for HTML.
- FalconForce Blog
- Elastic Security Labs Blog - Also everything by Samir Bousseaden (https://www.elastic.co/security-labs/author/samir-bousseaden).
- SpecterOps Blog
- Detect.fyi - Collection of good detection engineering articles.
- SOC Visibility | walaakabbani
- What Makes a "Good" Detection? | The Cybersec Café
- Lessons Learned in Detection Engineering | Ryan McGeehan
- Can We Have "Detection as Code"? | Anton Chuvakin
- Automating Detection-as-Code | John Tuckner
- Elastic releases the Detection Engineering Behavior Maturity Model
- Threat Detection Maturity Framework | Haider Dost
- Compound Probability: You Don't Need 100% Coverage to Win
- Where should I place my detections? | walaakabbani
- Alerting and Detection Strategy Framework | Palantir
- DeTT&CT: Mapping detection to MITRE ATT&CK | Renaud Frère
- DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™
- Distributed Security Alerting
- Deploying Detections at Scale — Part 0x01 use-case format and automated validation | Gijs Hollestelle
- From soup to nuts: Building a Detection-as-Code pipeline
- @Oddvarmoe
- @jaredcatkinson
- @olafhartong
- Awesome Detection List
- Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware
- XINTRA Attacking and Defending Azure & M365
- Specter Ops Adversary Tactics: Detection
- FalconForce Advanced Detection Engineering in the Enterprise training
- Detection at Scale - Discussing the threat landscape and many detection-related topics.
- Atomics on a Friday - YouTube series discussing detection opportunities.
- @sigma_hq
- @cyb3rops
- @frack113
- @nas_bench
- @SBousseaden
- @SecurityAura
Keywords (number of indexed repositories per keyword)
- threat-hunting (16)
- mitre-attack (14)
- security (10)
- threat-detection (6)
- logging (6)
- monitoring (6)
- siem (6)
- sysmon (6)
- sentinel (6)
- microsoft (6)
- kql (6)
- detection-engineering (6)
- detection (4)
- redteam (4)
- adversary-emulation (4)
- evtx (4)
- windows (4)
- dfir (4)
- lab (4)
- security-tools (4)
- threat-detecting (2)
- securitycenter (2)
- microsoftxdr (2)
- microsoft-xdr (2)
- microsoft-sentinel (2)
- threat-hunt (2)
- audit-logs (2)
- bigquery (2)
- chronicle (2)
- cloud-security-command-center (2)
- gcp (2)
- google-cloud (2)
- log-analytics (2)
- elasticsearch (2)
- ids (2)
- signatures (2)
- splunk (2)
- powershell (2)
- sigma (2)
- defender-atp (2)
- detection-rules (2)
- azure (2)
- defender (2)
- defenderxdr (2)
- threatdetection (2)
- threathunting (2)
- kusto (2)
- kusto-query (2)
- kusto-query-language (2)
- microsoft-365 (2)