Google Security Operations Detection Rules
0
Free
This repository contains sample detection rules and dashboards for use within Google Security Operations. Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules take advantage of the latest YARA-L syntax, provide a starter set of rules that can be used with Google Security Operations' entity graph as well as for other use cases or as inspiration for new use cases. Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations Customers. Before deploying any rules, using Google Security Operations' test rule functionality is considered a best practice and provides the opportunity for users to tune rules to their environment before creating alerts for them. Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent of this is to provide sample dashboards that can serve as templates, inspiration or starting points for your
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.
Robust Python SDK and Command Line Client for interacting with IntelOwl's API.
MaxMind provides accurate IP geolocation and online fraud detection solutions to create safer digital experiences.
Commercial
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security