Google Security Operations Detection Rules
This repository contains sample detection rules and dashboards for use within Google Security Operations. Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules take advantage of the latest YARA-L syntax, provide a starter set of rules that can be used with Google Security Operations' entity graph as well as for other use cases or as inspiration for new use cases. Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations Customers. Before deploying any rules, using Google Security Operations' test rule functionality is considered a best practice and provides the opportunity for users to tune rules to their environment before creating alerts for them. Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent of this is to provide sample dashboards that can serve as templates, inspiration or starting points for your
FEATURES
ALTERNATIVES
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A simple, self-contained modular host-based IOC scanner for incident responders.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
A modular tool for collecting intelligence sources for files and outputting in CSV format.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.