Detection engineering and detection-as-code platforms for authoring, managing, testing, translating, sharing, and deploying detection rules and content (Sigma, YARA, Suricata, SIEM/EDR correlation rules) across the SOC. Includes detection rule repositories, generators, converters, and rule-management tooling.
Browse 188 detection engineering tools
A Yara scanner for IMAP feeds and saved streams, extracting attachments and scanning them with chosen Yara rule files.
A web-based manager for Yara rules, allowing for storage, editing, and management of Yara rules.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.
A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.
Automatic YARA rule generator based on Koodous reports with limited false positives.
A collection of public YARA signatures for various malware families.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
A powerful tool for detecting and identifying malware using a rule-based system.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
YARA extension for Visual Studio Code with code completion and snippets.
A collection of Yara rules licensed under the DRL 1.1 License.
IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.
Hyara is a plugin that simplifies writing YARA rules with various convenient features.
A community-led project focused on standardizing security event logs.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
YARA rules for ProcFilter to detect malware and threats.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.