Projects in Awesome Lists tagged with detection-engineering
A curated list of projects in awesome lists tagged with detection-engineering.
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
dataset detection-engineering dfir evtx mitre-attack threat-hunting windows-security winlogbeat
Last synced: 23 Mar 2025
https://github.com/datadog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
adversary-emulation aws aws-security azure-security cloud-native-security cloud-security detection-engineering gcp-security kubernetes-security mitre-attack purple-team security threat-detection
Last synced: 04 Feb 2026
https://github.com/sbousseaden/evtx-attack-samples
Windows Events Attack Samples
dataset detection-engineering dfir evtx mitre-attack threat-hunting windows-security winlogbeat
Last synced: 13 Mar 2025
https://github.com/DataDog/stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
adversary-emulation aws aws-security azure-security cloud-native-security cloud-security detection-engineering gcp-security kubernetes-security mitre-attack purple-team security threat-detection
Last synced: 30 Mar 2025
https://github.com/mikeroyal/digital-forensics-guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
alerting cyber-security detection-engineering dfir digital-forensics digitalforensicreadiness digitalforensics forensic-analysis forensics forensics-investigations forensics-tools intrusion-detection mitre-attack network-security offensive-security osint port-scanning security siem threat-intelligence
Last synced: 08 Apr 2025
https://github.com/mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
alerting cyber-security detection-engineering dfir digital-forensics digitalforensicreadiness digitalforensics forensic-analysis forensics forensics-investigations forensics-tools intrusion-detection mitre-attack network-security offensive-security osint port-scanning security siem threat-intelligence
Last synced: 14 Mar 2025
https://github.com/matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
alerting apache-iceberg aws aws-security big-data cloud cloud-native cloud-security cybersecurity detection-engineering dfir log-analytics log-management rust secops security security-tools serverless siem threat-hunting
Last synced: 14 May 2025
https://github.com/splunk/security_content
Splunk Security Content
cicd cybersecurity detection detection-engineering engineering responses splunk
Last synced: 19 Feb 2026
https://github.com/beenuar/AiSOC
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
ai-security alert-triage cybersecurity detection-engineering docker fastapi incident-response mit-license mitre-attack nextjs open-source purple-team python security-operations self-hosted siem soar soc threat-detection threat-intelligence
Last synced: 09 Jun 2026
https://github.com/beenuar/aisoc
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
ai-security alert-triage cybersecurity detection-engineering docker fastapi incident-response mit-license mitre-attack nextjs open-source purple-team python security-operations self-hosted siem soar soc threat-detection threat-intelligence
Last synced: 30 May 2026
https://github.com/mikeroyal/open-source-security-guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
compliance cyber-security detection-engineering forensics-tools incident-management incident-response information-security infosec intrusion-detection kali-linux mitre-attack network-analysis offensive-security pentesters privacy-protection scanning-tool siem surveillance vulnerabilities vulnerability-detection
Last synced: 16 May 2025
https://github.com/mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
compliance cyber-security detection-engineering forensics-tools incident-management incident-response information-security infosec intrusion-detection kali-linux mitre-attack network-analysis offensive-security pentesters privacy-protection scanning-tool siem surveillance vulnerabilities vulnerability-detection
Last synced: 30 Mar 2025
https://github.com/mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
adversary-simulation controls-validation detection-engineering purple-team
Last synced: 11 Jul 2025
https://github.com/cyb3r-monk/threat-hunting-and-detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel threat-detection threat-hunting
Last synced: 15 May 2025
https://github.com/BushidoUK/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gang uses
cti cybersecurity detection-engineering hacking osint ransomware threat-hunting threat-intelligence threatintel
Last synced: 05 Aug 2025
https://github.com/runreveal/pql
Pipelined Query Language
clickhouse detection-engineering go golang query-language siem sql
Last synced: 12 Jan 2026
https://mthcht.github.io/ThreatHunting-Keywords/
Awesome list of keywords and artifacts for Threat Hunting sessions
awesome-list blueteam detection-engineering dfir elk-stack endpoint-security forensic hacktools incident-response iocs offensive-scripts offensive-security redteam siem soc splunk threat-hunting threat-intelligence threathunting yara-rules
Last synced: 10 Apr 2025
https://github.com/aegrah/panix
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
backdoor bash detection-engineering linux panix persistence security-research shell unix
Last synced: 05 Apr 2025
https://github.com/Aegrah/PANIX?tab=readme-ov-file
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
backdoor bash detection-engineering linux panix persistence security-research shell unix
Last synced: 21 Aug 2025
https://github.com/sbousseaden/Slides
Misc Threat Hunting Resources
detection-engineering dfir mindmap threat-hunting
Last synced: 29 Mar 2026
https://github.com/Karib0u/rustinel
Open-source endpoint detection engine for Windows and Linux using ETW, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.
blue-team detection-engineering ebpf edr endpoint-detection endpoint-security etw incident-response linux linux-security malware-detection rust security-monitoring security-tools siem sigma sysmon threat-detection windows-security yara
Last synced: 06 Jun 2026
https://github.com/DataDog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
continuous-security detection-engineering security-automation threat-detection
Last synced: 21 Jul 2025
https://github.com/datadog/threatest
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
continuous-security detection-engineering security-automation threat-detection
Last synced: 06 Apr 2025
https://github.com/Aegrah/PANIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
bash detection-engineering linux panix persistence security-research shell unix
Last synced: 21 Aug 2025
https://github.com/datadog/grimoire
Generate datasets of cloud audit logs for common attacks
cloud-security detection-engineering purpleteaming
Last synced: 09 Apr 2025
https://github.com/DataDog/grimoire
Generate datasets of cloud audit logs for common attacks
cloud-security detection-engineering purpleteaming
Last synced: 27 Sep 2025
https://github.com/0xrawsec/gene
Signature engine for all your logs
detection-engineering dfir threat-hunting
Last synced: 25 Sep 2025
https://github.com/nebulock-inc/agentic-threat-hunting-framework
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
agentic-ai ai-agents automation cybersecurity detection-engineering pypi security security-tools siem threat-analysis threat-detection threat-hunting threat-intelligence threat-response thrunting
Last synced: 08 Feb 2026
https://github.com/lawndoc/advancedhuntingqueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
cyber-security cybersecurity defender defender-atp defender-for-endpoint detection detection-engineering hunting kql kusto microsoft microsoft365 security threat-hunting xdr
Last synced: 20 Feb 2026
https://github.com/mvelazc0/attack2jira
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
attack-coverage detection-engineering mitre mitre-attack
Last synced: 24 Dec 2025
https://github.com/bradleyjkemp/sigma-go
A Go implementation and parser for Sigma rules.
Last synced: 04 Mar 2025
https://github.com/attackiq/sigmaiq
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
detection-engineering langchain llm python3 security security-tools sigma sigma-rules
Last synced: 14 Oct 2025
https://github.com/adrianlois/dfir-detection-engineering
Digital Forensics Incident Response and Detection Engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors to evade protection and monitoring systems.
anti-forense artefactos artefacts cybersecurity deteccion detection-engineering dfir digital-forensics evidencias forense forensics incident-response linux macosx malware security tips tricks windows
Last synced: 09 Apr 2025
https://github.com/0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
defender-atp detection-engineering detection-rules kql microsoft sentinel threat-hunting
Last synced: 06 Nov 2025
https://github.com/anvilogic-forge/armory
Anvilogic Forge
detection detection-engineering snowflake splunk threat-hunting
Last synced: 31 Mar 2025
https://github.com/mthcht/threathunting-keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
blueteam detection-engineering detection-rules dfir forensicartifacts mitre-attack siem sigma-rules threat-detection threat-hunting threathunting
Last synced: 10 Oct 2025
https://github.com/karib0u/rustinel
Windows EDR agent in Rust. ETW telemetry → Sigma/YARA detection → ECS alerts. User-mode, open-source, high-performance.
blue-team detection-engineering edr endpoint-detection etw incident-response malware-detection rust security-tools siem sigma sysmon threat-detection windows-security yara
Last synced: 04 Mar 2026
https://github.com/west-wind/Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
arcanedoor bpfdoor bpfdoor-detection cve-2024-20353 cve-2024-20359 detection detection-engineering esxi-malware esxi-ransomware line-dancer line-runner mitre-attack rtm-locker splunk text4shell vulnerability
Last synced: 31 Mar 2025
https://github.com/center-for-threat-informed-defense/summiting-the-pyramid
Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.
ctid cyber-analytics cybersecurity detection-engineering mitre-attack threat-informed-defense
Last synced: 28 Jan 2026
https://github.com/nasbench/eventlog_compendium
The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
detection-engineering eventlog security windows
Last synced: 06 May 2025
https://github.com/infosecb/detection-as-code
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
blueteam cybersecurity detection-engineering threat-detection
Last synced: 13 Apr 2025
https://github.com/center-for-threat-informed-defense/m3tid
The Measure, Maximize, and Mature Threat-Informed Defense (M3TID) project defines what Threat-Informed Defense (TID) is and the key activities associated with its practice.
adversary-emulation ctid cyber-threat-intelligence cybersecurity detection-engineering mitre-attack threat-informed-defense
Last synced: 13 Feb 2026
https://github.com/panther-labs/pypanther-starter-kit
A Python-native Detection as Code Framework
cloud detection-as-code detection-engineering incident-response infosec monitoring security
Last synced: 12 Aug 2025
https://github.com/opensensor/thingino-accel
Open-Source Neural Network Runtime (Ingenic MIPs)
detection-engineering ingenic nna t41 yolo
Last synced: 21 May 2026
https://github.com/benjitrapp/aws-threat-hunting
Short deep dive into Threat Hunting on AWS
aws cloudtrail detection-engineering jupyter-notebook threathunting
Last synced: 14 Apr 2025
https://github.com/panther-labs/pypanther
A Pythonic Detection Rules Framework
detection-as-code detection-engineering incident-response infosec monitoring panther security
Last synced: 12 Aug 2025
https://github.com/lascc/sentinelone-userscript
A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follows the website's UI/UX design.
detection detection-engineering detection-rules sentinelone sentinelone-powerquery sentinelone-threat-hunting threat-hunting threathunting userscript
Last synced: 27 May 2026
https://github.com/deathlabs/deathlabs
Automation for deploying Detection Engineering and Threat Hunting (DEATH) labs
detection-engineering packer threat-hunting vagrant
Last synced: 21 Jan 2026
https://github.com/deadbits/trs
🔭 Threat report analysis via LLM and Vector DB
data-extraction detection-engineering large-language-models llm llm-prompting openai prompt-engineering summarization threat-intelligence
Last synced: 14 Apr 2025
https://github.com/raylee-hawkins/hawkinsops-v1-archive
Closed HawkinsOps V1 proof surface for AI-assisted SOC automation, detection-as-code, SignalFoundry metrics, and reviewer-safe portfolio routing.
blue-team cybersecurity-portfolio detection-engineering homelab incident-response mitre-attack python security-automation sigma sigma-rules soc soc-analyst splunk threat-detection wazuh
Last synced: 04 Jun 2026
https://github.com/muchdogesec/txt2detection
A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.
detection-engineering detection-rules siem
Last synced: 20 Feb 2026
https://github.com/backbay-labs/thrunt-god
Threat hunting command system for agentic IDEs
agent-skills agents ai-agent ai-agents claude-code detection-engineering threat-detection threat-hunting threat-intelligence thrunt thrunting
Last synced: 10 Apr 2026
https://infosecb.github.io/detection-engineering-ai-maturity/
A community framework for assessing AI/LLM use across a detection engineering program.
ai cybersecurity detection-engineering framework llms threat-detection
Last synced: 23 Jun 2026
https://github.com/infosecb/generate_attacknav_layer
A Python CLI utility for quickly converting a list or text file of MITRE ATT&CK technique IDs to a MITRE ATT&CK Navigator layer .JSON file.
detection-engineering mitre-attack threat-detection threat-intelligence
Last synced: 10 Jun 2025
https://github.com/muchdogesec/awesome_detection_rules
A curated list of Awesome Detection Rules
detection-engineering detection-rules infosec siem threat-intel threat-intelligence xdr
Last synced: 11 Feb 2026
https://github.com/certeu/moriohub
No need to re-invent the observability wheel. What you need is perhaps already on Moriohub!
detection-engineering observability
Last synced: 27 Jan 2026
https://github.com/solomonneas/vervet
Network threat hunting for Zeek and Suricata logs. Explainable per-host risk scoring with evidence chains and MITRE ATT&CK mapping. Reads your logs, never touches your network.
blue-team cybersecurity detection-engineering ids mitre-attack network-security python security-tools suricata threat-hunting zeek
Last synced: 24 Jun 2026
https://github.com/tracecathq/hunts
🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.
cloudtrail cybersecurity detection-engineering orjson polars ray threat-hunting
Last synced: 12 Jun 2025
https://github.com/infosecb/rulehound
An index of publicly available and open-source threat detection rulesets.
cybersecurity detection-engineering index rules ruleset threat-detection
Last synced: 21 Jan 2026
https://github.com/pop-ecx/sigma-ls
A minimal language server to help in writing sigma rules
detection-engineering language-server-protocol lsp neovim sigma-rules
Last synced: 02 May 2026
https://github.com/varppi/litecanary
Self hostable canary alerts
canary cybersecurity detection-engineering
Last synced: 23 Aug 2025
https://github.com/mizcausevic-dev/sentinel-detection-coverage-board
Operator surface for Microsoft Sentinel detection coverage, workspace health, connector gaps, analytics rules, and incident automation posture.
azure-security detection-engineering incident-response microsoft-sentinel soc typescript
Last synced: 01 Jun 2026
https://github.com/rhejos/soc-detection-lab
Detection engineering lab using Splunk, Sigma, and Windows logs — mapped to MITRE ATT&CK
blue-team cybersecurity detection-engineering mitre-attack sigma soc splunk windows-event-logs
Last synced: 24 Jan 2026
https://github.com/srkyn/splunk-detection-content
Splunk detection notebook with lab-based SPL, MITRE ATT&CK mapping, tuning notes, and analyst triage context.
blue-team cybersecurity defensive-security detection-engineering mitre-attack security-operations siem soc spl splunk windows-security
Last synced: 31 May 2026
https://github.com/xonoxitron/ebpf-sentinel
Linux kernel security: Rust eBPF probes, scalable telemetry (NDJSON/gRPC), MITRE ATT&CK detection-as-code, and Claude-powered SOAR triage tuned for ML workloads.
aya detection-engineering ebpf edr endpoint-detection file-integrity-monitoring grpc linux-kernel-security ml-infrastructure-security ndjson process-lineage reverse-shell-detection siem soar telemetry-pipeline tracepoints
Last synced: 24 Jun 2026
https://github.com/srkyn/srkyn
Cybersecurity profile focused on security operations, identity cleanup, endpoint review, detection notes, and defensive tooling.
cybersecurity detection-engineering endpoint-security iam profile-readme security-automation security-operations security-portfolio soc vulnerability-management
Last synced: 31 May 2026
https://github.com/adanalvarez/terraform-aws-trailalerts
Terraform module for TrailAlerts serverless cloud-detection tool
aws detection-engineering terraform-module
Last synced: 02 May 2026
https://github.com/srkyn/identityriskgraph
Identity-first detection engineering app for CloudTrail IAM events, nested access paths, and explainable SOC risk investigation.
aws-security cloudtrail cybersecurity detection-engineering iam identity-security mitre-attack python security-portfolio soc splunk streamlit
Last synced: 31 May 2026
https://github.com/madret/elastic
Elastic stack detection lab setup with Docker.
detection-engineering docker docker-compose elasticstack security siem
Last synced: 21 Apr 2026
https://github.com/solomonneas/bro-hunter
Zeek/Bro IDS log analysis and threat detection
blue-team cybersecurity detection-engineering ids network-security python security-tools threat-hunting zeek
Last synced: 25 Apr 2026
https://github.com/ndr-repo/win-eventlog-ir-filters
Windows Event Log filters for cybersecurity incident response, DFIR/forensic event log analysis, and IT risk management.
cybersecurity detection-engineering dfir windows-event-log
Last synced: 04 Feb 2026
https://github.com/spoofimei/litecanary
Self hostable canary alerts
canary cybersecurity detection-engineering
Last synced: 20 Mar 2025
https://github.com/wrg-11/wrg-sigma-rules
Sigma detection rule writing, validation, and conversion for Claude Code -- LLM-assisted + pySigma + multi-backend (Splunk, Elastic, Kibana, Wazuh). 68 production rules + 3 MCP tools + 3 skills.
claude-code claude-code-plugin detection-as-code detection-engineering elasticsearch kibana mcp-server mitre-attack siem sigma-rules splunk threat-detection wazuh
Last synced: 10 Jun 2026
https://github.com/Khadinxc/Sigma2KQL
Sigma Queries turned into KQL for Defender using pysigma - Automated
detection-engineering kql microsoftsentinel mitre-attack threat-detection threat-hunting
Last synced: 27 Nov 2025
https://github.com/chintan2604/forensic
All-in-one Docker container for digital investigation, including pre-installed tools for forensic analysis of disks, memory, malware, and mobile devices.
alerting awesome cyber-security cybersecurity detection-engineering digitalforensicreadiness digitalforensics free intrusion-detection linux macos osint security siem
Last synced: 07 Apr 2025