Detection Rules Logo

Detection Rules

0
Free
Visit Website

Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine. This repository was first announced on Elastic's blog post, Elastic Security opens public detection rules repo. For additional content, see the accompanying webinar, Elastic Security: Introducing the public repository for detection rules. Table of Contents - Overview of this repository - Getting started - How to contribute - Licensing - Questions? Problems? Suggestions? Detection Rules contains more than just static rule files. This repository also contains code for unit testing in Python and integrating with the Detection Engine in Kibana. - detection_rules/ Python module for rule parsing, validating and packaging - etc/ Miscellaneous files, such as ECS and Beats schemas - kibana/ Python library for handling the API calls to Kibana and the Detection Engine - kql/ Python library for parsing and validating Kibana Query Language - rta/ Red Team Automation code used to emulate attacker techniques, used for red teaming exercises.

FEATURES

ALTERNATIVES

An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.

Collection of Yara rules for file identification and classification

A project sharing malicious URLs used for malware distribution to help protect networks.

A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.

An informational repo about hunting for adversaries in your IT environment.

Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

Yara rule generator using VirusTotal code similarity feature code-similar-to.

PINNED