Merge branch 'master' into josh.sublime_tool

pull/33/head
Adel K 2023-07-26 23:57:43 +02:00 committed by GitHub
commit b0dcad4c14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions

View File

@ -19,6 +19,7 @@
<li><a href="#detection-alerting-and-automation-platforms">Detection, Alerting and Automation Platforms</a></li>
<li><a href="#endpoint-monitoring">Endpoint Monitoring</a></li>
<li><a href="#network-monitoring">Network Monitoring</a></li></ul></li>
<li><a href="#email-monitoring">Email Monitoring</a></li></ul></li>
<li>🔍 <a href="#detection-rules">Detection Rules</a></li>
<li>📑 <a href="#dataset">Dataset</a></li>
<li>📘 <a href="#resources">Resources</a><ul>
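Review bot: the new Email Monitoring TOC item looks misplaced. It comes after the `</ul></li>` on the Network Monitoring line that already closes the Tools sub-list, and then repeats `</ul></li>`, so it sits one level above Network Monitoring and closes an extra list, which leaves the HTML unbalanced. Suggest moving the `<li>` before the closing tags so the two lines read `<li><a href="#network-monitoring">Network Monitoring</a></li>` followed by `<li><a href="#email-monitoring">Email Monitoring</a></li></ul></li>`, matching the nesting used in the README TOC.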
@ -91,6 +92,7 @@
<li><a href="https://github.com/matanolabs/matano">Matano</a>: An open source security lake platform (SIEM alternative) for threat hunting, detection and response on AWS. Matano lets you write advanced detections as code (using python) to correlate and alert on threats in realtime.</li>
<li><a href="https://github.com/Shuffle/Shuffle">Shuffle</a>: A general purpose security automation platform.</li>
<li><a href="https://github.com/sublime-security/sublime-platform">Sublime</a>: An open platform for detection, response, and threat hunting in email environments. Sublime lets you write advanced detections as code to alert and remediate threats like phishing in real-time.</li>
<li><a href="https://github.com/brexhq/substation">Substation</a> - A cloud native data pipeline and transformation toolkit for security teams.</li>
</ul>
<h3 id="endpoint-monitoring">Endpoint Monitoring</h3>
<ul>
@ -137,6 +139,10 @@
<li><a href="https://github.com/CERT-Polska/hfinger">Hfinger</a> - Fingerprinting HTTP requests</li>
<li><a href="https://github.com/salesforce/jarm">JARM</a> - An active Transport Layer Security (TLS) server fingerprinting tool.</li>
</ul>
<h3 id="email-monitoring">Email Monitoring</h3>
<ul>
<li><a href="https://github.com/sublime-security/sublime-platform">Sublime Platform</a> - An email threat detection engine</li>
</ul>
<h2 id="detection-rules">Detection Rules</h2>
<ul>
<li><a href="https://github.com/SigmaHQ/sigma">Sigma</a> - Generic Signature Format for SIEM Systems</li>
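Review bot: the Email Monitoring section is introduced with a single entry that points at the same repository already added under Detection, Alerting and Automation Platforms in the previous hunk, under a different name ("Sublime Platform" here, "Sublime" there) and with a different description. Suggest keeping one canonical entry, or at least using the same name and a shared one-line description in both places, so readers don't take them for two different tools.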
@ -146,6 +152,7 @@
<li><a href="https://github.com/InQuest/awesome-yara#rules">Awesome YARA Rules</a></li>
<li><a href="https://github.com/chronicle/detection-rules">Chronicle Detection Rules</a> - Collection of YARA-L 2.0 sample rules for the Chronicle Detection API.</li>
<li><a href="https://github.com/GoogleCloudPlatform/security-analytics">GCP Security Analytics</a> - Community Security Analytics provides a set of community-driven audit &amp; threat queries for Google Cloud.</li>
<li><a href="https://github.com/sublime-security/sublime-rules">Sublime Detection Rules</a> - Email attack detection, response, and hunting rules.</li>
</ul>
<h2 id="dataset">Dataset</h2>
<ul>
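Review bot: the HTML list here is out of sync with the README in the same commit. The README hunk for this section has a ThreatHunter-Playbook entry between GCP Security Analytics and Sublime Detection Rules, while this HTML goes straight from GCP Security Analytics to the new Sublime line. If the HTML is generated from the README, regenerating it rather than hand-editing both files would avoid this kind of drift; otherwise the missing entry should be carried over here too.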
@ -205,6 +212,7 @@
<li>Detection as Code in Splunk <a href="https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html">Part 1, </a><a href="https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html">Part 2, </a><a href="https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html">and Part 3</a> - A multipart series describing how detection as code can be successfully deployed in a Splunk environment.</li>
<li><a href="https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856">Lessons Learned in Detection Engineering</a> - A well experienced detection engineer describes in detail his observations, challenges, and recommendations for building an effective threat detection program.</li>
<li><a href="https://ateixei.medium.com/a-research-driven-process-applied-to-threat-detection-engineering-inputs-1b7e6fe0412b">A Research-Driven process applied to Threat Detection Engineering Inputs</a>.</li>
<li><a href="https://ohmymalware.com">A video series focused on malware execution and investigations using Elastic Security</a>.</li>
</ul>
<h3 id="frameworks">Frameworks</h3>
<ul>
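Review bot: the new entry uses the whole description as the link text, unlike every other item in this list and unlike the README, which has `[Oh My Malware](https://ohmymalware.com) - A video series focused on malware execution and investigations using Elastic Security.` Suggest `<li><a href="https://ohmymalware.com">Oh My Malware</a> - A video series focused on malware execution and investigations using Elastic Security.</li>` for consistency. The README's Investigation Scenario entry, which appears as context in its hunk, also has no counterpart in this HTML list.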

View File

@ -11,6 +11,7 @@
- [Detection, Alerting and Automation Platforms](#detection-alerting-and-automation-platforms)
- [Endpoint Monitoring](#endpoint-monitoring)
- [Network Monitoring](#network-monitoring)
- [Email Monitoring](#email-monitoring)
- 🔍 [Detection Rules](#detection-rules)
- 📑 [Dataset](#dataset)
- 📘 [Resources](#resources)
@ -21,7 +22,7 @@
- [DNS](#dns)
- [Fingerprinting](#fingerprinting)
- [Data Science](#data-science)
- [Research Papers](research-papers)
- [Research Papers](#research-papers)
- [Blogs](#blogs)
- [Related Awesome Lists](#related-awesome-lists)
- 🎙️ [Podcasts](#podcasts)
@ -85,6 +86,7 @@
- [Matano](https://github.com/matanolabs/matano): An open source security lake platform (SIEM alternative) for threat hunting, detection and response on AWS. Matano lets you write advanced detections as code (using python) to correlate and alert on threats in realtime.
- [Shuffle](https://github.com/Shuffle/Shuffle): A general purpose security automation platform.
- [Sublime](https://github.com/sublime-security/sublime-platform): An open platform for detection, response, and threat hunting in email environments. Sublime lets you write advanced detections as code to alert and remediate threats like phishing in real-time.
- [Substation](https://github.com/brexhq/substation) - A cloud native data pipeline and transformation toolkit for security teams.
### Endpoint Monitoring
@ -131,6 +133,10 @@
- [Hfinger](https://github.com/CERT-Polska/hfinger) - Fingerprinting HTTP requests
- [JARM](https://github.com/salesforce/jarm) - An active Transport Layer Security (TLS) server fingerprinting tool.
### Email Monitoring
- [Sublime Platform](https://github.com/sublime-security/sublime-platform) - An email threat detection engine
## Detection Rules
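Review bot: the same repository is now listed twice in the README, as "Sublime" under Detection, Alerting and Automation Platforms and as "Sublime Platform" in this new single-item Email Monitoring section, with different descriptions. Suggest using one name and one description in both places, or keeping a single entry and letting the section heading carry the email context.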
- [Sigma](https://github.com/SigmaHQ/sigma) - Generic Signature Format for SIEM Systems
@ -141,6 +147,7 @@
- [Chronicle Detection Rules](https://github.com/chronicle/detection-rules) - Collection of YARA-L 2.0 sample rules for the Chronicle Detection API.
- [GCP Security Analytics](https://github.com/GoogleCloudPlatform/security-analytics) - Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud.
- [ThreatHunter-Playbook](https://github.com/OTRF/ThreatHunter-Playbook) - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
- [Sublime Detection Rules](https://github.com/sublime-security/sublime-rules) - Email attack detection, response, and hunting rules.
## Dataset
@ -159,6 +166,7 @@
- [attack_data](https://github.com/splunk/attack_data) - A repository of curated datasets from various attacks.
## Resources
- [Huntpedia](docs/huntpedia.pdf) - Your Threat Hunting Knowledge Compendium
@ -202,6 +210,7 @@
- [Lessons Learned in Detection Engineering](https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856) - A well experienced detection engineer describes in detail his observations, challenges, and recommendations for building an effective threat detection program.
- [A Research-Driven process applied to Threat Detection Engineering Inputs](https://ateixei.medium.com/a-research-driven-process-applied-to-threat-detection-engineering-inputs-1b7e6fe0412b).
- [Investigation Scenario](https://twitter.com/search?q=%23InvestigationPath%20from%3Achrissanders88&f=live) tweets by Chris Sanders
- [Oh My Malware](https://ohmymalware.com) - A video series focused on malware execution and investigations using Elastic Security.
### Frameworks