#

detection-rules

Here are 29 public repositories matching this topic...

don-san-sec / clickfix-patterns

Regex patterns for detecting ClickFix social engineering attacks

security regex cybersecurity social-engineering detection-rules threat-detection clickfix

Updated Dec 4, 2025
HTML

rigelnoble / detections

siem cyber-security detection-rules detection-engineering sigma-rules

Updated Aug 13, 2025

Slayerp1 / Wireshark-color-filters

Wireshark-color-filters for network scanning packets scanning easy to understand attack patterns

cybersecurity wireshark packet network-security detection-rules packet-analysis blue-team

Updated Feb 6, 2026

michaelelizarov / lotl-detection-poc

POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.

splunk cybersecurity sysmon siem soar detection-rules mitre-attack threat-detection lolbins n8n lotl

Updated Dec 2, 2025
Python

jaamaal / detection-lab

This detection engineering repo is for the Detection as Code CI/CD pipeline

security automation ai pipeline detection cybersecurity infosec siem cicd soc devsecops ai-agents detection-rules cicd-pr-validation detection-as-code aidetection detectionengineering securityoperationscenter aisiem

Updated Mar 6, 2026
Python

pipelock-rules

luckyPipewrench / pipelock-rules

Official community detection rules for Pipelock - the open-source agent firewall

dlp detection-rules agent-security mcp-security pipelock

Updated Mar 27, 2026
Shell

garnet-org / jibril-ashkaal

Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.

kubernetes linux-security detection-rules edr detection-api kubernetes-security cwpp cloud-native-security cnapp detection-as-code detection-and-response

Updated Mar 27, 2026
Go

sankyhack / Kubernetes-Detection-Engineering

This repo, focuses on detection engineering for Kubernetes Cluster. Sysdig Falco is used to create rules.

kubernetes cloud-native mitre detection-rules threat-detection runtime-security kubernetes-security detection-engineering falco-rules siem-rules

Updated Mar 1, 2026

deXwn / DFIR_Log_Parser

Fast DFIR toolkit built for high-volume EVTX and log analysis, delivering rapid parsing, detection-driven triage, timeline reconstruction, and case-ready reporting.

rust parser parsing detection forensics dfir rust-lang digital-forensics detection-rules evtx-analisys evtx rust-parser

Updated Mar 26, 2026
Rust

colvert-project / colvert

Manage your detection use cases portfolio

Updated Mar 21, 2025
Python

garnet-org / jibril-recipes

Jibril public security detection recipes.

security detection-rules edr cwpp cnapp

Updated Jan 26, 2026

uberAgent-config

vastlimits / uberAgent-config

uberAgent configuration: UXM settings & ESA rules + checks

detection-rules endpoint-security endpoint-monitoring

Updated Mar 27, 2026
PowerShell

muchdogesec / awesome_detection_rules

A curated list of Awesome Detection Rules

infosec xdr siem threat-intelligence detection-rules threat-intel detection-engineering

Updated Dec 7, 2024

gapsc-us / labcomdig

Files for the lab of Digital Communications at the University of Seville.

python statistics communications qam-modulation detection-rules qam-demodulation

Updated Mar 11, 2021
Jupyter Notebook

muchdogesec / siemrules

An API that takes a txt file containing threat intelligence and turns it into a detection rule.

siem soar detection-rules detection-engineering

Updated Mar 27, 2026
Python

dfirvault / Splunk-DFIR-Dashboards

A collection of custom-built dashboards for threat hunting.

ioc splunk detection incident-response dfir cybersecurity siem malware-analysis threat-intelligence detection-rules plaso blue-team security-monitoring threathunting detection-engineering dfirvault

Updated Jan 21, 2026

txt2detection

muchdogesec / txt2detection

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

siem detection-rules detection-engineering

Updated Mar 26, 2026
Python

elastic-detection-cli

austinsonger / elastic-detection-cli

Docker Container for Elastic Detection CLI

docker elasticsearch docker-compose docker-container docker-image detection docker-hub elastic detection-rules

Updated Jan 1, 2024
Dockerfile

SentinelOne-Userscript

LasCC / SentinelOne-Userscript

A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follow the website UI / UX design interface.

userscript detection threat-hunting detection-rules threathunting detection-engineering sentinelone sentinelone-powerquery sentinelone-threat-hunting

Updated Mar 27, 2026
JavaScript

Karneades / SigmaFilterCheck

Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)

detection sigma detection-rules

Updated Feb 1, 2021
Python

Improve this page

Add a description, image, and links to the detection-rules topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the detection-rules topic, visit your repo's landing page and select "manage topics."