159 Open source projects that are alternatives of or similar to SIGMA-detection-rules

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

A repository of sysmon configuration modules

Threat Detection & Anomaly Detection rules for popular open-source components

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

A Linux Auditd rule set mapped to MITRE's Attack Framework

PCAP Samples for Different Post Exploitation Techniques

An Active Defense and EDR software to empower Blue Teams

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Recon Hunt Queries

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Windows Events Attack Samples

Misc Threat Hunting Resources

See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)

Open Source EDR for Windows

Find phishing kits which use your brand/organization's files and image.

Tracking APT IOCs

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

Open-source framework to detect outliers in Elasticsearch events

SIEM Tactics, Techiques, and Procedures

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

CIF v3 -- the fastest way to consume threat intelligence

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

Render igraphs from R using Sigma.js

🚌 The missing link to connect open-source threat intelligence tools.

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

🔧 Automatically deploy customizable Active Directory labs in Azure

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Deploy and maintain Symon through the Splunk Deployment Sever

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

This repository contains tools used by 401trg.

Tools for hunting for threats.

the fastest way to consume threat intelligence.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Capture passwords of login attempts on non-existent and disabled accounts.

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

All-in-one bundle of MISP, TheHive and Cortex

Splunk code (SPL) useful for serious threat hunters.

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

A curated list of awesome threat detection and hunting resources

A toolkit for Security Researchers

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A curated list of awesome YARA rules, tools, and people.

Malware Sample Sources

A python module for working with ATT&CK

A helper to run OSINT queries & manage results continuously

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

PatrowlHears - Vulnerability Intelligence Center / Exploits