POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.

Regex patterns for detecting ClickFix social engineering attacks

A collection of custom-built dashboards for threat hunting.

Manage your detection use cases portfolio

Wireshark-color-filters for network scanning packets scanning easy to understand attack patterns

Jibril public security detection recipes.

Docker Container for Elastic Detection CLI

Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

Files for the lab of Digital Communications at the University of Seville.

A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follow the website UI / UX design interface.

A curated list of Awesome Detection Rules

Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.

An API that takes a txt file containing threat intelligence and turns it into a detection rule.

uberAgent configuration: UXM settings & ESA rules + checks

Sentrilite is a Threat Detection-As-Code & Reponse (DACR) Platform for Linux, Hybrid-Cloud Infrastructure

Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

Sigma detection rules for hunting with the threathunting-keywords project