Detection Engineering Tools
Detection engineering and detection-as-code platforms for authoring, managing, testing, translating, sharing, and deploying detection rules and content (Sigma, YARA, Suricata, SIEM/EDR correlation rules) across the SOC. Includes detection rule repositories, generators, converters, and rule-management tooling.
Browse 188 detection engineering tools
FEATURED
USE CASES
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
Collects Yara rules from over 150 free resources, a free alternative to Valhalla.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
Automatically curate open-source Yara rules and run scans with YAYA.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
Define and validate YARA rule metadata with CCCS YARA Specification.
A collection of YARA rules for public use, built from intelligence profiles and file work.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
A program to manage yara ruleset in a database with support for different databases and configuration options.
A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
