Detection Rules Logo

Detection Rules

0
Free
Visit Website

Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine. This repository was first announced on Elastic's blog post, Elastic Security opens public detection rules repo. For additional content, see the accompanying webinar, Elastic Security: Introducing the public repository for detection rules. Table of Contents - Overview of this repository - Getting started - How to contribute - Licensing - Questions? Problems? Suggestions? Detection Rules contains more than just static rule files. This repository also contains code for unit testing in Python and integrating with the Detection Engine in Kibana. - detection_rules/ Python module for rule parsing, validating and packaging - etc/ Miscellaneous files, such as ECS and Beats schemas - kibana/ Python library for handling the API calls to Kibana and the Detection Engine - kql/ Python library for parsing and validating Kibana Query Language - rta/ Red Team Automation code used to emulate attacker techniques, used for red teaming exercises.

FEATURES

ALTERNATIVES

Real-time monitoring tool for newly issued SSL certificates.

A cybersecurity tool with online demo, mailing list, and multiple installation methods.

Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.

SecurityTrails API provides access to a vast repository of historical DNS lookups, WHOIS records, hostnames, and domains for cyber forensics and investigations.

LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.

Get insights into the latest cybersecurity trends and expert advice on enhancing organizational security.

Deception based detection techniques with MITRE ATT&CK mapping and Honey Resources.

Lists of sources and utilities to hunt, detect, and prevent evildoers.