This repository contains sample detection rules and dashboards for use within Google Security Operations.

Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules use the latest YARA-L syntax and provide a starter set that can be used with Google Security Operations' entity graph, for other use cases, or as inspiration for new use cases. Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations customers.

Before deploying any rules, using Google Security Operations' test rule functionality is considered a best practice; it gives users the opportunity to tune rules to their environment before creating alerts for them.

Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent is to provide sample dashboards that can serve as templates, inspiration or starting points for your
SIMILAR TOOLS
Automatic YARA rule generator based on Koodous reports with limited false positives.
A project sharing malicious URLs used for malware distribution to help protect networks.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Silobreaker is an intelligence platform that processes unstructured data from open and dark web sources to support cyber threat intelligence, vulnerability management, and risk assessment workflows.
A library of Amazon S3 attack scenarios with mitigation strategies.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.