347 Open source projects that are alternatives of or similar to detection-rules

Open-source framework to detect outliers in Elasticsearch events

Pushes Sysmon Configs

SIEM Tactics, Techiques, and Procedures

Repository for threat hunting and detection queries, tools, etc.

Splunk code (SPL) useful for serious threat hunters.

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Deploy and maintain Symon through the Splunk Deployment Sever

A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Repository with Sample KQL Query examples for Threat Hunting

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

Kong API Manager with Prometheus And Graylog

Microsoft Sentinel SOC Operations

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Generic Signature Format for SIEM Systems

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.

Mean-Shifted Contrastive Loss for Anomaly Detection

PANDA: Adapting Pretrained Features for Anomaly Detection and Segmentation (CVPR 2021)

A Splunk modular input for ingesting Prometheus metrics

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Demo for Elastic's Auditbeat and SIEM

Splunk Connect for Ethereum

Splunk HTTP Event Collector (HEC) Golang library

An anomaly detection library comprising state-of-the-art algorithms and features such as experiment management, hyper-parameter optimization, and edge inference.

Implementation of TheWebConf 2021 -- Few-shot Network Anomaly Detection via Cross-network Meta-learning

SIEM Logstash parsing for more than hundred technologies

The Ultimate OSINT and Threat Hunting Framework

Source code of the KDD19 paper "Deep anomaly detection with deviation networks", weakly/partially supervised anomaly detection, few-shot anomaly detection

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Random hunting ordiented yara rules

Official source code of "Fast Adaptive RNN Encoder-Decoder for Anomaly Detection in SMD Assembly Machine"

Automatic detection engineering technical state compliance

Official pytorch implementation of the paper: "A Hierarchical Transformation-Discriminating Generative Model for Few Shot Anomaly Detection"

Vault plugin to securely manage Splunk admin accounts and password rotation

Supplementary material for IJCNN paper "XGBOD: Improving Supervised Outlier Detection with Unsupervised Representation Learning"

https://events.kaspersky.com/hackathon/

Add-on for ingesting DMARC aggregate reports into Splunk

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

fast implementation of singular spectrum transformation (change point detection algorithm)

An app to analyze tweets using Amazon Comprehend's Sentiment Analysis service

Deploy Google Cloud log export to Splunk using Terraform

The Combined Anomalous Object Segmentation (CAOS) Benchmark

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Example of Anomaly Detection using Convolutional Variational Auto-Encoder (CVAE)

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

A quick and dirty vehicle speed detector using video + anomaly detection

Threat hunting Web Windows AD linux ATT&CK TTPs

[ti]ny [li]ttle machine learning [tool]box - Machine learning, anomaly detection, one-class classification, and structured output prediction

recon-ng modules for Censys

Official code for 'Weakly-supervised Video Anomaly Detection with Robust Temporal Feature Magnitude Learning' [ICCV 2021]

The collection of pre-trained, state-of-the-art AI models for ailia SDK

Official PyTorch implementation of the paper “Explainable Deep Few-shot Anomaly Detection with Deviation Networks”, weakly/partially supervised anomaly detection, few-shot anomaly detection, image defect detection.

anomaly detection with anomalize and Google Trends data

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Semantic Logger is a feature rich logging framework, and replacement for existing Ruby & Rails loggers.