Browse 27 detection rules tools
AI-powered SOC platform with threat intelligence for detection and response
AI-powered SIEM platform for alert triage, detection engineering, and IR.
Code-based threat detection platform with built-in rules and Python customization
MDR service with threat hunting, automated response, and 24/7 monitoring
Unified MDR platform with SIEM, threat hunting, and SOAR capabilities
Validates detective security controls through attack simulations and testing
Human-led adversary emulation service testing detection & response capabilities
Community platform for sharing and creating detection rules with AI
SANS survey report on ICS/OT cybersecurity detection and response practices
Open-source detection rules for email attacks like BEC, phishing, and malware
Searchable repository of Sigma detection rules for threat hunting and SIEM
Detection-as-code platform for managing detection rules across SIEM/EDR/XDR
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
AI-powered SOC platform for detection engineering across SIEMs & data lakes
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
A signature-based, multi-threaded honeypot detection tool written in Golang that identifies honeypots through crafted requests and response analysis.
A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance