#Threat-detection
Showing 52 of 52 repositories tagged #threat-detection, ranked by stars
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
A curated knowledge base to build, run and mature a SOC (including CSIRT).
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
AI EDR for developer workstations and autonomous agent fleets. Build Swarm Detection & Response platforms with Clawdstrike.
A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.
Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.
基于机器学习的网络安全检测系统 | 集成Kitsune/LUCID算法 | 支持ML/DL/RL模型 | 99.58%攻击检测准确率 | 19913 QPS | Docker/K8s部署
pretrained BERT model for cyber security text, learned CyberSecurity Knowledge
🔥🔥🔥 AI security automation platform. Build visual workflows, deploy autonomous agents, and automate threat detection and response. 80+ integrations with SIEM, EDR, ticketing, and cloud tools. Self-hosted SOAR alternative.
Local safety layer for AI agents that use the terminal. Screens risky commands and MCP/tool calls, watches Linux activity with eBPF, blocks dangerous behavior, and keeps audit trails local. Open source, self-hosted, dry-run by default.
Curated collection of cybersecurity tools featured in Black Hat Arsenal events.
Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.
An index of publicly available and open-source threat detection rulesets.
Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity concepts—perfect for exam prep and skill-building in blue team operations.
A toolkit for Security Researchers
🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.
HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
🪓 High-Speed Log Analysis & Forensics Tool - Part of NullSec Toolkit
Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).
An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
AI-Driven Threat Modeling & Attack Tree Generation with MITRE ATT&CK Integration
LLM-powered security log analyzer: detect threats & anomalies with zero regex — just declare a Pydantic schema. Real-time Telegram alerts, SIEM-ready with Elasticsearch/Kibana. Supports OpenAI, Ollama, vLLM.
Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.
Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations
🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.
A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.
Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malicious artifacts.
Portable security rules for the action boundary of AI agents
Autonomous AI Security Operations — 35 agents replacing $300K/year SOC teams for $50/year
Zero-overhead eBPF process tracer for Linux malware triage and incident response. Traces syscalls, network, and file events per-process without strace overhead.
Comprehensive cybersecurity roadmap for learning ethical hacking, network security, and defensive security from beginner to advanced.
A Python script to automatically search GitHub for .exe, .com, .pif, .msi, .scr, .bat, .cmd, .dll, .sys, .drv, .ocx, .vbs, .js, .ps1, .hta, .wsf, .lnk, .sh, .py, .zip, .rar, .7z, .tar, .gz, .iso, .docm, .xlsm, .pptm, .apk, .jar files, download them, and scan them for malware using ClamAV and VirusTotal.
Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.
Este proyecto es un simulador de ciberseguridad diseñado para entornos educativos. Permite a estudiantes practicar técnicas de ataque y defensa en un entorno controlado, replicando situaciones reales de ciberseguridad sin riesgo para sistemas en producción.
It is a powerful tool designed to detect DLL hijacking vulnerabilities in executable files.
A malware analysis platform built in Rust
A simple reader with GUI, for pickle files.