#Detection-engineering

Showing 32 of 32 repositories tagged #detection-engineering, ranked by stars

mikeroyal
mikeroyal
Digital-Forensics-Guide

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Score
64
★ 2.9k ⑂ 353 +9/day
Python
DataDog
DataDog
stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

Score
100
★ 2.4k ⑂ 307 +1/day
Go
cyb3rxp
cyb3rxp
awesome-soc

A curated knowledge base to build, run and mature a SOC (including CSIRT).

Score
92
★ 1.8k ⑂ 277 +4/day
mthcht
mthcht
awesome-lists

Awesome Security lists for SOC/CERT/CTI

Score
88
★ 1.7k ⑂ 200 +1/day
YARA
matanolabs
matanolabs
matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Score
0
★ 1.7k ⑂ 121
Rust
splunk
splunk
security_content

Splunk Security Content

Score
96
★ 1.6k ⑂ 477 +1/day
Python
beenuar
beenuar
AiSOC

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Score
84
★ 1.5k ⑂ 149 +1/day
Python
BushidoUK
BushidoUK
Ransomware-Tool-Matrix

A resource containing all the tools each ransomware gangs uses

Score
80
★ 1.4k ⑂ 155 +1/day
infosecB
infosecB
awesome-detection-engineering

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

Score
76
★ 1.3k ⑂ 134 +13/day
Cyb3r-Monk
Cyb3r-Monk
Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Score
72
★ 816 ⑂ 112 +1/day
Jupyter Notebook
runreveal
runreveal
pql

Pipelined Query Language

Score
100
★ 704 ⑂ 28 +1/day
Go
nianticlabs
nianticlabs
venator

A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

Score
0
★ 382 ⑂ 21
Go
Nebulock-Inc
Nebulock-Inc
agentic-threat-hunting-framework

ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.

Score
68
★ 322 ⑂ 45 +3/day
Python
backbay-labs
backbay-labs
clawdstrike

AI EDR for developer workstations and autonomous agent fleets. Build Swarm Detection & Response platforms with Clawdstrike.

Score
60
★ 283 ⑂ 34
TypeScript
F2u0a0d3
F2u0a0d3
goodboy-framework

15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal.

Score
56
★ 279 ⑂ 32
ControlCompass
ControlCompass
ControlCompass.github.io

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Score
24
★ 143 ⑂ 27
JavaScript
infosecB
infosecB
Rulehound

An index of publicly available and open-source threat detection rulesets.

Score
20
★ 136 ⑂ 7
lawndoc
lawndoc
AdvancedHuntingQueries

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.

Score
48
★ 133 ⑂ 18
adrianlois
adrianlois
DFIR-Detection-Engineering

Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.

Score
52
★ 100 ⑂ 14
bradleyjkemp
bradleyjkemp
sigma-go

A Go implementation and parser for Sigma rules.

Score
0
★ 99 ⑂ 24
Go
AttackIQ
AttackIQ
SigmAIQ

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

Score
0
★ 96 ⑂ 11
Python
AlbinoGazelle
AlbinoGazelle
esxi-testing-toolkit

🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.

Score
12
★ 87 ⑂ 14
Python
center-for-threat-informed-defense
center-for-threat-informed-defense
summiting-the-pyramid

Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

Score
44
★ 61 ⑂ 7
Makefile
infosecB
infosecB
detection-as-code

An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

Score
4
★ 61 ⑂ 11
Python
danzek
danzek
awesome-lol

Living off the Land (LOL) attack techniques, tools, and defender resources

Score
40
★ 40 ⑂ 6
xdrew87
xdrew87
Echos

Echos is a stealthy C2 traffic emulator built in Rust for Red Teamers. It simulates adversarial beaconing patterns and custom jitter to test EDR/NDR detection logic. Ideal for validating network security signatures in a safe, modular framework.

Score
32
★ 33 ⑂ 2
Rust
threat-punter
threat-punter
detection-as-code-example

A POC to implement Detection-as-Code with Terraform and Sumo Logic.

Score
0
★ 32 ⑂ 11
Python
iocx-dev
iocx-dev
iocx

An extensible, deterministic static‑analysis engine that extracts high‑signal IOCs from PE binaries and text, built for SOC automation and modern threat‑analysis pipelines.

Score
36
★ 26 ⑂ 6 +1/day
Python
backbay-labs
backbay-labs
hush

Portable security rules for the action boundary of AI agents

Score
28
★ 24 ⑂ 1 +24/day
Rust
Hazrat-Ali9
Hazrat-Ali9
Vehicle-Detection-Counting-Using-YOLO-and-Masking

😉 Vehicle 🥶Detection 🤢 Counting 😩 Using 👿 YOLO 🤡 and 👹 Masking 🤖 is 🛸 a 🙉 computer 😿 vision 😠 project 👽 that 🚂 automatically 🚃 detects 🚋 tracks ✈ counts 🚀 vehicles 🛸 from 🚟 images 🚠 or 🚋 video 🚡streams 🛬 using 🚞 YOLO 🕌 based 🏟 object 🏩 detection 🏚 combined 🏯 with 🏤 region 🏰 masking 🚝 techniques 🚛

Score
0
★ 19 ⑂ 0
MrM8BRH
MrM8BRH
Defensive-Security-Hub

A curated collection of essential resources, tools, and references for Security Operations Center (SOC) analysts.

Score
8
★ 15 ⑂ 2
meltedinhex
meltedinhex
analyst-ai-pack

An open agent-skills library for malware analysis, reverse engineering, and threat hunting - 118 curated, runnable skills mapped to MITRE ATT&CK, D3FEND, and CAR.

Score
16
★ 10 ⑂ 2
Python
Related Topics
#cybersecurity#threat-hunting#security#threat-detection#dfir#siem#threat-intelligence#mitre-attack#security-tools#incident-response#soc#purple-team

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly