KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Rules for the Detection Engine in Elastic Security

A list of useful Detection Engineering-related resources.

Your window into the Elastic Stack

Elastic Integrations

Home for Elastic Endpoint Security Documentation

Threat Detection & Anomaly Detection rules for popular open-source components

An advanced memory forensics framework

Scirius is a web application for Suricata ruleset management.

Small and highly portable detection tests based on MITRE's ATT&CK.

CarbonBlack EDR detection rules and response actions

Logbook for Digital Forensics and Incident Response

Betrusted main SoC design

Resources for Windows exploit development

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

The Center for Internet Security Enumeration and Scanning Program

ATT&CK Navigator layers for key Russia-aligned adversaries during the 2022 Ukraine crisis

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events…

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Various public documents, whitepapers and articles about APT campaigns

Public script from SANS FOR509 Enterprise Cloud Incident Response

Collection of Cyber Threat Intelligence sources from the deep and dark web

A curated list of hacking environments where you can train your cyber skills legally and safely