Detection engineering and detection-as-code platforms for authoring, managing, testing, translating, sharing, and deploying detection rules and content (Sigma, YARA, Suricata, SIEM/EDR correlation rules) across the SOC. Includes detection rule repositories, generators, converters, and rule-management tooling.
Browse 188 detection engineering tools
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
Sample detection rules and dashboards for Google Security Operations
GCTI's open-source detection signatures for malware and threat detection
Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up a virtual environment, installing pip requirements, running SIREN, setting up Snort on a Raspberry Pi, and configuring MySQL.
A repository of freely usable Yara rules for detection systems, with automated error detection workflows.
YLS, a language server for the YARA language, with comprehensive editor features and Python 3.8 support.
A YARA interactive debugger for the YARA language written in Rust, providing features like function calls, constant evaluation, and string matching.
Yaramod is a library for parsing YARA rules into an AST and building new YARA rulesets through a C++ programming interface.
YARA rule generator built on VirusTotal's code-similar-to code similarity feature.
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
A .NET wrapper library for the native YARA library with interoperability and portability features.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Repository of YARA rules for Trellix ATR blogposts and investigations
A tool for tracking, scanning, and filtering YARA files with distributed scanning capabilities.
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
A repository of YARA signatures released under the GNU GPLv2 license for the cybersecurity community.
A semi-automatic tool to generate YARA rules from virus samples.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
A tool for quick and effective YARA rule creation to isolate malware families and malicious objects.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
A Sysmon configuration file template with detailed explanations and tutorial-like features.