Detection Rules
0
Free
Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine. This repository was first announced on Elastic's blog post, Elastic Security opens public detection rules repo. For additional content, see the accompanying webinar, Elastic Security: Introducing the public repository for detection rules. Table of Contents - Overview of this repository - Getting started - How to contribute - Licensing - Questions? Problems? Suggestions? Detection Rules contains more than just static rule files. This repository also contains code for unit testing in Python and integrating with the Detection Engine in Kibana. - detection_rules/ Python module for rule parsing, validating and packaging - etc/ Miscellaneous files, such as ECS and Beats schemas - kibana/ Python library for handling the API calls to Kibana and the Detection Engine - kql/ Python library for parsing and validating Kibana Query Language - rta/ Red Team Automation code used to emulate attacker techniques, used for red teaming exercises.
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
Repository with projects for photo and video hashing, content moderation, and signal exchange.
Automatically curate open-source Yara rules and run scans with YAYA.
Proof-of-concept implementation of TAXII services for developers and non-developers.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security