https://github.com/jatrost/awesome-detection-rules

# awesome-detection-rules

This is a collection of threat detection rules / rules engines that I have come across.

# Yara

* https://github.com/advanced-threat-research/Yara-Rules/
* https://github.com/airbnb/binaryalert/tree/master/rules/public
* https://github.com/avast/ioc
* https://github.com/chronicle/GCTI
* https://github.com/deadbits/yara-rules/
* https://github.com/delivr-to/detections/tree/main/yara-rules
* https://github.com/dr4k0nia/yara-rules
* https://github.com/elastic/protections-artifacts/tree/main/yara/rules
* https://github.com/elceef/yara-rulz
* https://github.com/embee-research/Yara-detection-rules/
* https://github.com/eset/malware-ioc
* https://github.com/fboldewin/YARA-rules/
* https://github.com/JPCERTCC/MalConfScan/tree/master/yara
* https://github.com/kevoreilly/CAPEv2/tree/master/data/yara
* https://github.com/malpedia/signator-rules/
* https://github.com/mandiant/red_team_tool_countermeasures/
* https://github.com/mikesxrs/Open-Source-YARA-rules
* https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
* https://github.com/Neo23x0/god-mode-rules/
* https://github.com/Neo23x0/signature-base
* https://github.com/pmelson/yara_rules
* https://github.com/reversinglabs/reversinglabs-yara-rules/
* https://github.com/RussianPanda95/Yara-Rules
* https://github.com/sbousseaden/YaraHunts/
* https://github.com/SIFalcon/Detection
* https://github.com/stairwell-inc/threat-research
* https://github.com/StrangerealIntel/DailyIOC
* https://github.com/telekom-security/malware_analysis/
* https://github.com/volexity/threat-intel
* https://github.com/Yara-Rules/rules
* https://github.com/YARAHQ/yara-forge/releases
* https://github.com/roadwy/DefenderYara/

# Sigma

* https://github.com/anil-yelken/sigma-rules
* https://github.com/center-for-threat-informed-defense/cloud-analytics/tree/main/analytics
* https://github.com/delivr-to/detections/tree/main/sigma-rules
* https://github.com/joesecurity/sigma-rules
* https://github.com/magicsword-io/LOLDrivers/tree/main/detections/sigma
* https://github.com/mbabinski/Sigma-Rules
* https://github.com/mdecrevoisier/SIGMA-detection-rules
* https://github.com/mthcht/ThreatHunting-Keywords-sigma-rules
* https://github.com/P4T12ICK/Sigma-Rule-Repository
* https://github.com/SigmaHQ/sigma/tree/master/rules
* https://github.com/The-DFIR-Report/Sigma-Rules
* https://github.com/tsale/Sigma_rules

# Falco

* https://github.com/CloudDefenseAI/falco_extended_rules
* https://github.com/falcosecurity/rules
* https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml

# Zeek

* https://github.com/zeek/zeek/tree/master/scripts/policy

# Snort / Suricata

* https://github.com/nsacyber/ELITEWOLF
* https://rules.emergingthreatspro.com/open/
* https://www.snort.org/downloads/#rule-downloads

# Splunk

* https://github.com/mthcht/ThreatHunting-Keywords
* https://github.com/splunk/security_content
* https://research.splunk.com/detections/
* https://research.splunk.com/stories/
* https://github.com/anvilogic-forge/armory

# Sublime / MQL

* https://github.com/delivr-to/detections/tree/main/sublime-rules
* https://github.com/sublime-security/sublime-rules/
* https://github.com/vector-sec/public-sublime-rules

# KQL

* https://github.com/0xAnalyst/DefenderATPQueries
* https://github.com/Azure/Azure-Sentinel
* https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
* https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection
* https://github.com/reprise99/Sentinel-Queries
* https://www.kqlsearch.com/

# Nuclei

* https://github.com/projectdiscovery/nuclei-templates/
* https://github.com/UnaPibaGeek/honeypots-detection

# Other

* https://docs.velociraptor.app/exchange/
* https://github.com/0x534a/dynmx-signatures ([dynmx](https://github.com/0x534a/dynmx))
* https://github.com/ahmedkhlief/APT-Hunter
* https://github.com/Algbra-Labs-OSS/Chronicle
* https://github.com/aquasecurity/tracee/tree/main/signatures
* https://github.com/chronicle/detection-rules/
* https://github.com/elastic/detection-rules
* https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)
* https://github.com/elastic/protections-artifacts/tree/main/behavior/rules
* https://github.com/GoogleCloudPlatform/security-analytics
* https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt - exploit kit regexes
* https://github.com/mgreen27/DetectRaptor
* https://github.com/mthcht/awesome-lists
* https://github.com/panther-labs/panther-analysis/tree/master/rules
* https://github.com/phish-report/IOK/tree/main/indicators - phishing kit signatures
* https://github.com/quadrantsec/sagan-rules
* https://github.com/rabbitstack/fibratus/tree/master/rules
* https://github.com/referefref/honeydet/blob/main/signatures.yaml - honeypot detection signatures
* https://github.com/wazuh/wazuh/tree/master/ruleset
* https://github.com/Yamato-Security/hayabusa
* https://github.com/Yamato-Security/hayabusa-rules