Detection Engineering Tools
Detection engineering and detection-as-code platforms for authoring, managing, testing, translating, sharing, and deploying detection rules and content (Sigma, YARA, Suricata, SIEM/EDR correlation rules) across the SOC. Includes detection rule repositories, generators, converters, and rule-management tooling.
Browse 188 detection engineering tools
FEATURED
USE CASES
A project providing open-source YARA rules for malware and malicious file detection
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.
A strings statistics calculator for YARA rules to aid malware research.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
Use FindYara, an IDA python plugin, to scan your binary with yara rules and quickly jump to matches.
Management portal for LoKi scanner with centralized database for scanning activities.
A Go library for manipulating YARA rulesets with the ability to programatically change metadata, rule names, and more.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
A comprehensive auditd configuration for Linux systems following best practices.
LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Collection of Yara rules for file identification and classification
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
A collection of YARA rules for research and hunting purposes.
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
