#Threat-detection

Showing 52 of 52 repositories tagged #threat-detection, ranked by stars

0x4D31
0x4D31
awesome-threat-detection

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Score
100
★ 4.7k ⑂ 752 +7/day
DataDog
DataDog
stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

Score
98
★ 2.4k ⑂ 307 +2/day
Go
cyb3rxp
cyb3rxp
awesome-soc

A curated knowledge base to build, run and mature a SOC (including CSIRT).

Score
96
★ 1.8k ⑂ 277 +4/day
akto-api-security
akto-api-security
akto

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Score
93
★ 1.5k ⑂ 285
Java
beenuar
beenuar
AiSOC

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Score
91
★ 1.5k ⑂ 149 +1/day
Python
thalesgroup-cert
thalesgroup-cert
Watcher

Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.

Score
89
★ 1.3k ⑂ 195 +15/day
JavaScript
infosecB
infosecB
awesome-detection-engineering

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

Score
87
★ 1.3k ⑂ 134 +13/day
dev-lu
dev-lu
osint_toolkit

Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.

Score
85
★ 917 ⑂ 151 +39/day
JavaScript
Cyb3r-Monk
Cyb3r-Monk
Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Score
78
★ 816 ⑂ 112 +1/day
Jupyter Notebook
cyb3rmik3
cyb3rmik3
KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Score
83
★ 785 ⑂ 97 +2/day
utmstack
utmstack
UTMStack

Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.

Score
80
★ 577 ⑂ 75 +1/day
TypeScript
turbot
turbot
tailpipe

select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.

Score
100
★ 567 ⑂ 14
Go
nianticlabs
nianticlabs
venator

A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

Score
0
★ 382 ⑂ 21
Go
GoogleCloudPlatform
GoogleCloudPlatform
security-analytics

Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

Score
43
★ 369 ⑂ 76
Python
Nebulock-Inc
Nebulock-Inc
agentic-threat-hunting-framework

ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.

Score
76
★ 322 ⑂ 45 +3/day
Python
backbay-labs
backbay-labs
clawdstrike

AI EDR for developer workstations and autonomous agent fleets. Build Swarm Detection & Response platforms with Clawdstrike.

Score
74
★ 283 ⑂ 34
TypeScript
SecurityClaw
SecurityClaw
SecurityClaw

A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.

Score
72
★ 251 ⑂ 26 +1/day
Python
jestasecurity
jestasecurity
thumper

Thumper is an open-source tripwire for the Shai-Hulud npm worm. Plant fake-but-realistic credentials where the worm scans - the instant one is read, you know the box might be breached. Free and built in the open by Jesta.

Score
70
★ 223 ⑂ 13
Python
zimingttkx
zimingttkx
Network-Security-Based-On-ML

基于机器学习的网络安全检测系统 | 集成Kitsune/LUCID算法 | 支持ML/DL/RL模型 | 99.58%攻击检测准确率 | 19913 QPS | Docker/K8s部署

Score
67
★ 220 ⑂ 26 +2/day
Python
jackaduma
jackaduma
SecBERT

pretrained BERT model for cyber security text, learned CyberSecurity Knowledge

Score
33
★ 211 ⑂ 38
Python
digitranslab
digitranslab
allama

🔥🔥🔥 AI security automation platform. Build visual workflows, deploy autonomous agents, and automate threat detection and response. 80+ integrations with SIEM, EDR, ticketing, and cloud tools. Self-hosted SOAR alternative.

Score
61
★ 178 ⑂ 14 +5/day
Python
InnerWarden
InnerWarden
innerwarden

Local safety layer for AI agents that use the terminal. Screens risky commands and MCP/tool calls, watches Linux activity with eBPF, blocks dangerous behavior, and keeps audit trails local. Open source, self-hosted, dry-run by default.

Score
0
★ 163 ⑂ 32 +2/day
Rust
elbraino
elbraino
awesome-blackhat-arsenal

Curated collection of cybersecurity tools featured in Black Hat Arsenal events.

Score
63
★ 157 ⑂ 28 +1/day
Python
depalmar
depalmar
ai_for_the_win

Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.

Score
65
★ 151 ⑂ 23
Python
infosecB
infosecB
Rulehound

An index of publicly available and open-source threat detection rulesets.

Score
22
★ 136 ⑂ 7
MaheshShukla1
MaheshShukla1
SOC-Analyst-Notes

Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity concepts—perfect for exam prep and skill-building in blue team operations.

Score
59
★ 133 ⑂ 19 +3/day
ecstatic-nobel
ecstatic-nobel
Analyst-Arsenal

A toolkit for Security Researchers

Score
24
★ 126 ⑂ 32
Python
AlbinoGazelle
AlbinoGazelle
esxi-testing-toolkit

🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.

Score
20
★ 87 ⑂ 14
Python
jonrau1
jonrau1
SyntheticSun

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Score
0
★ 81 ⑂ 15
Python
andreicscs
andreicscs
HoneyWire

HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.

Score
57
★ 80 ⑂ 3
Go
bad-antics
bad-antics
nullsec-logreaper

🪓 High-Speed Log Analysis & Forensics Tool - Part of NullSec Toolkit

Score
50
★ 80 ⑂ 6
C
alexhraber
alexhraber
flowhawk

Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).

Score
54
★ 75 ⑂ 10
Go
infosecB
infosecB
detection-as-code

An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.

Score
7
★ 61 ⑂ 11
Python
aws-samples
aws-samples
sample-agentic-attack-tree-generator

AI-Driven Threat Modeling & Attack Tree Generation with MITRE ATT&CK Integration

Score
0
★ 59 ⑂ 11
Python
call518
call518
LogSentinelAI

LLM-powered security log analyzer: detect threats & anomalies with zero regex — just declare a Pydantic schema. Real-time Telegram alerts, SIEM-ready with Elasticsearch/Kibana. Supports OpenAI, Ollama, vLLM.

Score
52
★ 56 ⑂ 11
Python
panguard-ai
panguard-ai
panguard-ai

Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。

Score
48
★ 51 ⑂ 5 +1/day
TypeScript
paulveillard
paulveillard
cybersecurity-threat-detection

An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.

Score
4
★ 50 ⑂ 9
zcyberseclab
zcyberseclab
zscan

A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network configurations across your infrastructure.

Score
41
★ 47 ⑂ 3
Go
momenbasel
momenbasel
malware-check

Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations

Score
39
★ 45 ⑂ 6 +1/day
Python
hookprobe
hookprobe
hookprobe

🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.

Score
46
★ 43 ⑂ 9 +1/day
Python
sefinek
sefinek
Malicious-IP-Addresses

A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.

Score
37
★ 40 ⑂ 2 +1/day
JavaScript
anyrun
anyrun
YARA

Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malicious artifacts.

Score
17
★ 30 ⑂ 2
YARA
backbay-labs
backbay-labs
hush

Portable security rules for the action boundary of AI agents

Score
28
★ 24 ⑂ 1 +24/day
Rust
ousher
ousher
tia-framework

Autonomous AI Security Operations — 35 agents replacing $300K/year SOC teams for $50/year

Score
35
★ 23 ⑂ 4 +23/day
HTML
Mutasem-mk4
Mutasem-mk4
procscope

Zero-overhead eBPF process tracer for Linux malware triage and incident response. Traces syscalls, network, and file events per-process without strace overhead.

Score
26
★ 20 ⑂ 0 +1/day
C
mlsecdev
mlsecdev
cybersecurity-roadmap-2026

Comprehensive cybersecurity roadmap for learning ethical hacking, network security, and defensive security from beginner to advanced.

Score
30
★ 19 ⑂ 5 +2/day
Net-Zer0
Net-Zer0
Git-MalScan

A Python script to automatically search GitHub for .exe, .com, .pif, .msi, .scr, .bat, .cmd, .dll, .sys, .drv, .ocx, .vbs, .js, .ps1, .hta, .wsf, .lnk, .sh, .py, .zip, .rar, .7z, .tar, .gz, .iso, .docm, .xlsm, .pptm, .apk, .jar files, download them, and scan them for malware using ClamAV and VirusTotal.

Score
2
★ 14 ⑂ 0 +2/day
Python
dereeqw
dereeqw
BerrySentinel

Berry Sentinel v5.0 — Advanced behavioral C2 and reverse shell detector for Linux/Windows/Unix systems. Features real-time connection analysis, heuristic scoring, C2 framework signature detection, beacon interval analysis, and an interactive curses-based TUI with process kill engine.

Score
9
★ 13 ⑂ 0
Python
marichu-kt
marichu-kt
local-network-attack-defense-simulator

Este proyecto es un simulador de ciberseguridad diseñado para entornos educativos. Permite a estudiantes practicar técnicas de ataque y defensa en un entorno controlado, replicando situaciones reales de ciberseguridad sin riesgo para sistemas en producción.

Score
0
★ 11 ⑂ 0
Python
Jazeredz
Jazeredz
DLL-Hijacking-Vulnerability-Scanner

It is a powerful tool designed to detect DLL hijacking vulnerabilities in executable files.

Score
13
★ 10 ⑂ 0
C++
elementmerc
elementmerc
anya

A malware analysis platform built in Rust

Score
11
★ 10 ⑂ 1
Rust
jonathanciapetti
jonathanciapetti
picklevw

A simple reader with GUI, for pickle files.

Score
15
★ 10 ⑂ 0
Python
Related Topics
#cybersecurity#security#threat-intelligence#threat-hunting#incident-response#detection-engineering#malware-analysis#security-tools#siem#python#ai-security#mitre-attack

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly