From d6a4a3e3564f5ac4948c31eda8592b608592a316 Mon Sep 17 00:00:00 2001 From: Matthias Vallentin Date: Sun, 13 Jun 2021 09:58:52 +0200 Subject: [PATCH 1/8] Add Threat Bus --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5e589d5..631f776 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ - [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife - [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. - [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files. +- [Threat Bus](https://github.com/tenzir/threatbus) - Threat intelligence dissemination layer to connect security tools through a distributed publish/subscribe message broker. #### Alerting Engine From 17ce6f62294b856294213e73e57036d98f94f657 Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:18:14 -0400 Subject: [PATCH 2/8] Added MaGMa --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5e589d5..11de270 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,7 @@ - [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) - [OSSEM](https://github.com/hunters-forge/OSSEM) (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems - [MITRE Shield](https://shield.mitre.org) - A knowledge base of active defense techniques and tactics ([Active Defense Matrix](https://shield.mitre.org/matrix/)) +- [MaGMa Use Case Defintion Model](https://www.betaalvereniging.nl/wp-content/uploads/FI-ISAC-use-case-framework-verkorte-versie.pdf) - A business-centric approach for planning and defining threat detection use cases. #### DNS 
From a000adbddc6a86b6b170aa35cecfddff732d0a19 Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:23:36 -0400 Subject: [PATCH 3/8] Added 2 blog items Anton Chuvakin & Alexandre Teixeira --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 11de270..5cd0f59 100644 --- a/README.md +++ b/README.md @@ -285,6 +285,8 @@ - [CyberWardog's Blog](https://medium.com/@Cyb3rWard0g) ([old](https://cyberwardog.blogspot.com)) - [Chris Sanders' Blog](https://chrissanders.org) - [Kolide Blog](https://blog.kolide.com/) +- [Anton Chuvakin](https://medium.com/anton-on-security) +- [Alexandre Teixeira](https://ateixei.medium.com) ### Videos From 8ddc8602d9828da361785c143e7faaefca923301 Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:27:31 -0400 Subject: [PATCH 4/8] Added uncoder to tools --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5cd0f59..d7a243e 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ - [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife - [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. - [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files. +- [Uncoder Rule Converter](https://uncoder.io) - A tool that can convert detection content for use with most SIEMs. #### Alerting Engine From 9d35c65138f2546f29490bb01367314aabc75ebd Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:29:00 -0400 Subject: [PATCH 5/8] Remove uncoder dupe --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d7a243e..5cd0f59 100644 --- a/README.md +++ b/README.md 
@@ -72,7 +72,6 @@ - [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife - [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. - [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files. -- [Uncoder Rule Converter](https://uncoder.io) - A tool that can convert detection content for use with most SIEMs. #### Alerting Engine From e45d957baef9f3fcc2e44aeaa268398b41812c39 Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:36:47 -0400 Subject: [PATCH 6/8] Added tools --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5cd0f59..77887e7 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ - [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife - [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. - [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files. +- [Splunk Security Content](https://github.com/splunk/security_content) Splunk-curated detection content that can easily be used accross many SIEMs (see Uncoder Rule Converter.) #### Alerting Engine From 10f77414c87ea47343aed0777b115ea26667966b Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:45:22 -0400 Subject: [PATCH 7/8] Added more resources. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 77887e7..94445e9 100644 --- a/README.md +++ b/README.md 
@@ -168,6 +168,8 @@ - [Capability Abstraction](https://posts.specterops.io/capability-abstraction-fbeaeeb26384) ([PDF](docs/specterops-CapabilityAbstraction.pdf)) - [Awesome YARA](https://github.com/InQuest/awesome-yara) - A curated list of awesome YARA rules, tools, and resources - [Defining ATT&CK Data Sources](https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f) - A two-part blog series that outlines a new methodology to extend ATT&CK’s current data sources. +- [DETT&CT: MAPPING YOUR BLUE TEAM TO MITRE ATT&CK™](https://www.mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack) - A blog that describes how to align MITRE ATT&CK-based detection content with data sources. +- Detection as Code in Splunk [Part 1, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html)[Part 2,](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html)[and Part 3](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html) - A multipart series describing how detection as code can be successfully deployed in a Splunk environment. #### Frameworks From 732b806e0f0413141328425c4cec4d737a62ba8e Mon Sep 17 00:00:00 2001 From: infosecB Date: Mon, 19 Jul 2021 08:47:24 -0400 Subject: [PATCH 8/8] Final add to resources. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 94445e9..1ef9eb4 100644 --- a/README.md +++ b/README.md 
@@ -169,7 +169,8 @@ - [Awesome YARA](https://github.com/InQuest/awesome-yara) - A curated list of awesome YARA rules, tools, and resources - [Defining ATT&CK Data Sources](https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f) - A two-part blog series that outlines a new methodology to extend ATT&CK’s current data sources. - [DETT&CT: MAPPING YOUR BLUE TEAM TO MITRE ATT&CK™](https://www.mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack) - A blog that describes how to align MITRE ATT&CK-based detection content with data sources. -- Detection as Code in Splunk [Part 1, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html)[Part 2,](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html)[and Part 3](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html) - A multipart series describing how detection as code can be successfully deployed in a Splunk environment. +- Detection as Code in Splunk [Part 1, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html)[Part 2, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html)[and Part 3](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html) - A multipart series describing how detection as code can be successfully deployed in a Splunk environment. +- [Lessons Learned in Detection Engineering](https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856) - A well experienced detection engineer describes in detail his observations, challenges, and recommendations for building an effective threat detection program. #### Frameworks
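Review bot: PATCH 2/8 misspells "Definition" in the link text of the line it adds to the `@@ -182,6 +182,7 @@` hunk; change `[MaGMa Use Case Defintion Model]` to `[MaGMa Use Case Definition Model]`. Separately, this patch's `index 5e589d5..11de270` line has the same preimage blob as PATCH 1/8 (`index 5e589d5..631f776`), so patches 2 through 8 were not authored on top of the Threat Bus commit and the series is not a linear chain as posted; rebase them onto 631f776 so the index lines are consistent before the series is applied (the hunks touch different regions of README.md, so no conflict is expected).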
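Review bot: the two blog entries PATCH 3/8 adds in the `@@ -285,6 +285,8 @@` hunk use bare author names, while the surrounding entries name the blog (`[CyberWardog's Blog]`, `[Chris Sanders' Blog]`, `[Kolide Blog]`); for consistency write them as `- [Anton Chuvakin's Blog](https://medium.com/anton-on-security)` and `- [Alexandre Teixeira's Blog](https://ateixei.medium.com)`, or append a short ` - ` description in the style the other sections use.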
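Review bot: the Uncoder line added by PATCH 4/8 in its `@@ -72,6 +72,7 @@` hunk is removed verbatim by PATCH 5/8, whose `index d7a243e..5cd0f59` line returns README.md to the exact blob patch 4 started from, so the pair contributes nothing to the final tree; drop both commits from the series (or squash them away) rather than merging an add followed by its own revert. The "Remove uncoder dupe" message implies an Uncoder entry already exists elsewhere in the README, but that entry is not in the visible context, so please point at where it lives in the PR description.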
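Review bot: the Splunk Security Content line PATCH 6/8 adds in its `@@ -72,6 +72,7 @@` hunk lacks the ` - ` separator between link and description that every neighbouring entry uses, misspells "across" as "accross", and puts the closing period inside the parenthesis. Suggested line: `- [Splunk Security Content](https://github.com/splunk/security_content) - Splunk-curated detection content that can easily be used across many SIEMs (see Uncoder Rule Converter).` The "see Uncoder Rule Converter" cross-reference is a bare name; since the Uncoder entry added in PATCH 4/8 was removed again in 5/8, either link it directly (`[Uncoder Rule Converter](https://uncoder.io)`) or confirm that the other Uncoder entry the "dupe" message refers to survives in this section.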
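Review bot: the Detection as Code entry PATCH 7/8 adds in the `@@ -168,6 +168,8 @@` hunk places punctuation and the word "and" inside the link texts (`[Part 1, ]`, `[Part 2,]`, `[and Part 3]`), so the commas and "and" render as part of the hyperlinks and the second and third links run together with no space; write it as `- Detection as Code in Splunk: [Part 1](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html), [Part 2](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html) and [Part 3](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html) - A multipart series describing how detection as code can be successfully deployed in a Splunk environment.` The DETT&CT line copies the source's all-caps headline while the rest of the list uses title case; `[DETT&CT: Mapping Your Blue Team to MITRE ATT&CK™]` would match its neighbours.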
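Review bot: the description on the Lessons Learned line PATCH 8/8 adds in the `@@ -169,7 +169,8 @@` hunk reads "A well experienced detection engineer"; as a compound modifier it needs a hyphen ("well-experienced"), or more simply "An experienced detection engineer describes in detail his observations, challenges, and recommendations for building an effective threat detection program." The hunk's other change only inserts a space inside `[Part 2, ]`, which still leaves the comma inside the link text; since PATCH 7/8 introduced that line, squash this whitespace fix into patch 7 and correct the link text there instead of carrying a follow-up commit.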