Splunk Security Content
-
Updated
Dec 17, 2025 - Python
#
detection-engineering
Here are 172 public repositories matching this topic...
Windows Events Attack Samples
-
Updated
Jan 24, 2023 - HTML
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
aws security aws-security cloud-security azure-security mitre-attack adversary-emulation threat-detection purple-team gcp-security kubernetes-security detection-engineering cloud-native-security
-
Updated
Dec 11, 2025 - Go
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
security osint alerting forensics dfir intrusion-detection siem digital-forensics offensive-security cyber-security network-security port-scanning forensic-analysis threat-intelligence mitre-attack forensics-investigations detection-engineering digitalforensics forensics-tools digitalforensicreadiness
-
Updated
Jan 4, 2024 - Python
A resource containing all the tools each ransomware gangs uses
osint hacking cybersecurity ransomware threat-hunting threatintel cti threat-intelligence detection-engineering
-
Updated
Oct 19, 2025
Awesome Security lists for SOC/CERT/CTI
security ioc detection incident-response dfir ransomware awesome-list threat-hunting siem iocs cti soc ir blueteam threat-intelligence rmm redteam hacktools detection-engineering blueteam-tools
-
Updated
Dec 17, 2025 - YARA
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
rust aws security cloud big-data serverless alerting dfir secops cybersecurity cloud-native threat-hunting siem log-management aws-security security-tools cloud-security log-analytics apache-iceberg detection-engineering
-
Updated
Jan 8, 2025 - Rust
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
-
Updated
Dec 17, 2024 - C#
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
dfir cybersecurity threat-hunting threat-detection kql detection-engineering kusto-language defender-for-endpoint microsoft-sentinel
-
Updated
Oct 4, 2025 - Jupyter Notebook
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
-
Updated
Nov 18, 2025
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
surveillance incident-response intrusion-detection infosec compliance siem vulnerabilities network-analysis information-security kali-linux vulnerability-detection offensive-security cyber-security incident-management pentesters privacy-protection mitre-attack scanning-tool detection-engineering forensics-tools
-
Updated
Jun 27, 2025 - Go
Awesome list of keywords and artifacts for Threat Hunting sessions
splunk incident-response dfir awesome-list threat-hunting siem iocs offensive-security soc yara-rules elk-stack blueteam threat-intelligence redteam forensic hacktools endpoint-security threathunting offensive-scripts detection-engineering
-
Updated
Aug 4, 2025 - PowerShell
Misc Threat Hunting Resources
-
Updated
Jan 26, 2023
attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage
-
Updated
Mar 26, 2023 - Python
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
security intelligence detection cybersecurity infosec threat-hunting siem information-security soc red-team security-tools threat-intelligence mitre-attack red-teaming security-operations detection-engineering
-
Updated
Feb 25, 2024 - JavaScript
Pipelined Query Language
-
Updated
Jan 2, 2025 - Go
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
-
Updated
Jun 2, 2025 - HTML
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
-
Updated
Apr 29, 2025 - Go
Mapping of open-source detection rules and atomic tests.
-
Updated
Jan 18, 2025
yara detection rules for hunting with the threathunting-keywords project
incident-response dfir awesome-list threat-hunting hunting offensive-security yara-rules blueteam threat-intelligence yara-forensics hacktools yara-signatures yara-scanner detection-engineering forensics-tools
-
Updated
May 11, 2025 - YARA
Improve this page
Add a description, image, and links to the detection-engineering topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the detection-engineering topic, visit your repo's landing page and select "manage topics."