Threat Detection

A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.

Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.

A command-line tool that analyzes local CloudTrail files to detect off-instance AWS key usage patterns for security monitoring and forensic analysis.

KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.

ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.

IBM QRadar is a SIEM solution for real-time threat detection.

Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.

AI-driven XDR platform for endpoint security with threat prevention and detection

An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.

Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.

POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.

Official repository of YARA rules for threat detection and hunting

Free cyber threat intelligence feeds for proactive threat detection

An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.

Automated DFIR platform for rapid incident investigation and endpoint triage

Hybrid cloud security platform with workload and network protection

SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.

RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.