Google Security Operations Detection Rules Logo

Google Security Operations Detection Rules

0
Free
Visit Website

This repository contains sample detection rules and dashboards for use within Google Security Operations. Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules take advantage of the latest YARA-L syntax, provide a starter set of rules that can be used with Google Security Operations' entity graph as well as for other use cases or as inspiration for new use cases. Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations Customers. Before deploying any rules, using Google Security Operations' test rule functionality is considered a best practice and provides the opportunity for users to tune rules to their environment before creating alerts for them. Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent of this is to provide sample dashboards that can serve as templates, inspiration or starting points for your

FEATURES

ALTERNATIVES

Parse IOCs from text

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

A list of most queried domains based on passive DNS usage across the Umbrella global network.

Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.

Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.

A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.

An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.

CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.

PINNED