Google Security Operations Detection Rules
0
Free
This repository contains sample detection rules and dashboards for use within Google Security Operations. Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules take advantage of the latest YARA-L syntax, provide a starter set of rules that can be used with Google Security Operations' entity graph as well as for other use cases or as inspiration for new use cases. Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations Customers. Before deploying any rules, using Google Security Operations' test rule functionality is considered a best practice and provides the opportunity for users to tune rules to their environment before creating alerts for them. Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent of this is to provide sample dashboards that can serve as templates, inspiration or starting points for your
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
Packet Storm is a global security resource providing around-the-clock information and tools to mitigate personal data and fiscal loss on a global scale.
A free and open-source OSINT framework for gathering and analyzing data from various sources
Automated framework for collecting and processing samples from VirusTotal with YARA rule integration.
A serverless application for creating and monitoring URL tokens with threat intelligence and customizable alerts.
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
A daily collection of IOCs from various sources, including articles and tweets.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security