Merge pull request #18 from infosecB/merge
Merging awesome-detection-engineering list
pull/19/head^2
commit
b38d7a1e14
|
@ -72,6 +72,7 @@
|
||||||
- [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife
|
- [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife
|
||||||
- [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale.
|
- [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale.
|
||||||
- [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files.
|
- [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files.
|
||||||
|
- [Splunk Security Content](https://github.com/splunk/security_content) Splunk-curated detection content that can easily be used accross many SIEMs (see Uncoder Rule Converter.)
|
||||||
- [Threat Bus](https://github.com/tenzir/threatbus) - Threat intelligence dissemination layer to connect security tools through a distributed publish/subscribe message broker.
|
- [Threat Bus](https://github.com/tenzir/threatbus) - Threat intelligence dissemination layer to connect security tools through a distributed publish/subscribe message broker.
|
||||||
|
|
||||||
#### Alerting Engine
|
#### Alerting Engine
|
||||||
|
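Review bot: the added Splunk Security Content entry (the line beginning `- [Splunk Security Content]`) drops the ` - ` separator between the link and its description that every other entry in this section uses, and "accross" is misspelled; suggest `- [Splunk Security Content](https://github.com/splunk/security_content) - Splunk-curated detection content that can easily be used across many SIEMs (see Uncoder Rule Converter).` The parenthetical pointer to "Uncoder Rule Converter" would serve readers better as a link to that tool's entry if it already exists elsewhere in the list.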
@ -168,6 +169,9 @@
|
||||||
- [Capability Abstraction](https://posts.specterops.io/capability-abstraction-fbeaeeb26384) ([PDF](docs/specterops-CapabilityAbstraction.pdf))
|
- [Capability Abstraction](https://posts.specterops.io/capability-abstraction-fbeaeeb26384) ([PDF](docs/specterops-CapabilityAbstraction.pdf))
|
||||||
- [Awesome YARA](https://github.com/InQuest/awesome-yara) - A curated list of awesome YARA rules, tools, and resources
|
- [Awesome YARA](https://github.com/InQuest/awesome-yara) - A curated list of awesome YARA rules, tools, and resources
|
||||||
- [Defining ATT&CK Data Sources](https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f) - A two-part blog series that outlines a new methodology to extend ATT&CK’s current data sources.
|
- [Defining ATT&CK Data Sources](https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f) - A two-part blog series that outlines a new methodology to extend ATT&CK’s current data sources.
|
||||||
|
- [DETT&CT: MAPPING YOUR BLUE TEAM TO MITRE ATT&CK™](https://www.mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack) - A blog that describes how to align MITRE ATT&CK-based detection content with data sources.
|
||||||
|
- Detection as Code in Splunk [Part 1, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-security-content-part-1.html)[Part 2, ](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-splunk-s-attack-range-part-2.html)[and Part 3](https://www.splunk.com/en_us/blog/security/ci-cd-detection-engineering-failing-part-3.html) - A multipart series describing how detection as code can be successfully deployed in a Splunk environment.
|
||||||
|
- [Lessons Learned in Detection Engineering](https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856) - A well experienced detection engineer describes in detail his observations, challenges, and recommendations for building an effective threat detection program.
|
||||||
|
|
||||||
#### Frameworks
|
#### Frameworks
|
||||||
|
|
||||||
|
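Review bot: the added DeTT&CT entry's title is in all caps, unlike every neighbouring entry; suggest sentence case (`DeTT&CT: Mapping your Blue Team to MITRE ATT&CK`) so the list stays consistent. In the Detection as Code in Splunk entry the commas and trailing spaces sit inside the link text (`[Part 1, ]`, `[Part 2, ]`), so they render as part of the links; move the punctuation outside the brackets. In the Lessons Learned entry, "A well experienced detection engineer" reads awkwardly; "An experienced detection engineer" is enough.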
@ -183,6 +187,7 @@
|
||||||
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
|
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
|
||||||
- [OSSEM](https://github.com/hunters-forge/OSSEM) (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems
|
- [OSSEM](https://github.com/hunters-forge/OSSEM) (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems
|
||||||
- [MITRE Shield](https://shield.mitre.org) - A knowledge base of active defense techniques and tactics ([Active Defense Matrix](https://shield.mitre.org/matrix/))
|
- [MITRE Shield](https://shield.mitre.org) - A knowledge base of active defense techniques and tactics ([Active Defense Matrix](https://shield.mitre.org/matrix/))
|
||||||
|
- [MaGMa Use Case Defintion Model](https://www.betaalvereniging.nl/wp-content/uploads/FI-ISAC-use-case-framework-verkorte-versie.pdf) - A business-centric approach for planning and defining threat detection use cases.
|
||||||
|
|
||||||
#### DNS
|
#### DNS
|
||||||
|
|
||||||
|
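Review bot: "Defintion" in the added MaGMa entry is a typo for "Definition". The linked PDF is the FI-ISAC "verkorte versie" (abridged version) of the use case framework, which is worth stating in the description so readers know it is not the full model.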
@ -285,6 +290,8 @@
|
||||||
- [CyberWardog's Blog](https://medium.com/@Cyb3rWard0g) ([old](https://cyberwardog.blogspot.com))
|
- [CyberWardog's Blog](https://medium.com/@Cyb3rWard0g) ([old](https://cyberwardog.blogspot.com))
|
||||||
- [Chris Sanders' Blog](https://chrissanders.org)
|
- [Chris Sanders' Blog](https://chrissanders.org)
|
||||||
- [Kolide Blog](https://blog.kolide.com/)
|
- [Kolide Blog](https://blog.kolide.com/)
|
||||||
|
- [Anton Chuvakin](https://medium.com/anton-on-security)
|
||||||
|
- [Alexandre Teixeira](https://ateixei.medium.com)
|
||||||
|
|
||||||
### Videos
|
### Videos
|
||||||
|
|
||||||
|
|