Repository: https://github.com/muchdogesec/awesome_detection_rules

# Awesome Detection Rules

A curated list of detection rule sources.

We built this during our research for [SIEM Rules, your detection engineering AI assistant](https://www.siemrules.com/).

[You can find a copy of the following table in a GSheet here](https://docs.google.com/spreadsheets/d/1-vmQXxTigdF37-qZhwvpWwCBO4iU4mA-eq2iKtpUSjg/edit?usp=sharing).


| Description | URL | Language | Product | Summary |
|---|---|---|---|---|
| Elastic Detection Rules | https://github.com/elastic/detection-rules | Query DSL | Elastic | The Elastic Detection Rules repository on GitHub provides rules for identifying threats using Elastic's Query DSL, organized by domains such as malware, endpoint, and cloud. |
| Chronicle Detection Rules | https://github.com/chronicle/detection-rules | YARA-L 2.0 | Chronicle | This repository contains detection rules written in YARA-L 2.0 for Chronicle Security's platform, focused on threat detection across diverse environments. |
| Sigma Rules | https://github.com/SigmaHQ/sigma | Sigma | Sigma | The Sigma Rules repository on GitHub contains a curated set of Sigma rules structured by domain (e.g., Windows, network), enabling cross-platform detections. |
| Anvilogic Armory | https://github.com/anvilogic-forge/armory | Sigma | Anvilogic | Anvilogic Armory provides a collection of Sigma-based detection rules that can be used for cross-platform threat detection across different security platforms. |
| Panther Labs | https://github.com/panther-labs/panther-analysis/tree/develop/rules | Python | Panther | Panther Labs offers Python-based detection rules in this repository, designed for security operations teams using Panther to detect threats in cloud and hybrid environments. |
| Splunk Security Content | https://github.com/splunk/security_content | SPL | Splunk | The Splunk Security Content repository provides SPL-based detection rules and analytic stories for security use cases, including endpoint, cloud, and threat intelligence. |
| Datadog Security Rules | https://docs.datadoghq.com/security/default_rules/ | Proprietary Syntax | Datadog | Datadog's Security Rules documentation lists the default security detection rules for Datadog's SIEM and allows users to build custom queries for their needs. |
| Sekoia Detection Rules | https://docs.sekoia.io/xdr/features/detect/built_in_detection_rules/ | Proprietary Syntax | Sekoia | Sekoia's built-in detection rules cover a variety of security events and offer pre-defined logic for detecting threats across environments. |
| Exabeam Content | https://github.com/ExabeamLabs/Content-Doc | JSON-based Rules | Exabeam | The Exabeam Content repository contains JSON-based detection content designed for Exabeam's SIEM, covering various security events and threat intelligence use cases. |

## Contributing

Feel free to [contribute](CONTRIBUTING.md).

## Join the community

[Join the DOGESEC community](https://community.dogesec.com/).

## License

[Creative Commons Attribution 4.0 International Public License](LICENSE).