awesome-detection-rules

This is a collection of threat detection rules / rules engines that I have come across.

Yara

• https://github.com/advanced-threat-research/Yara-Rules/
• https://github.com/airbnb/binaryalert/tree/master/rules/public
• https://github.com/avast/ioc
• https://github.com/chronicle/GCTI
• https://github.com/deadbits/yara-rules/
• https://github.com/delivr-to/detections/tree/main/yara-rules
• https://github.com/dr4k0nia/yara-rules
• https://github.com/elastic/protections-artifacts/tree/main/yara/rules
• https://github.com/elceef/yara-rulz
• https://github.com/embee-research/Yara-detection-rules/
• https://github.com/eset/malware-ioc
• https://github.com/fboldewin/YARA-rules/
• https://github.com/JPCERTCC/MalConfScan/tree/master/yara
• https://github.com/kevoreilly/CAPEv2/tree/master/data/yara
• https://github.com/malpedia/signator-rules/
• https://github.com/mandiant/red_team_tool_countermeasures/
• https://github.com/mikesxrs/Open-Source-YARA-rules
• https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
• https://github.com/Neo23x0/god-mode-rules/
• https://github.com/Neo23x0/signature-base
• https://github.com/pmelson/yara_rules
• https://github.com/reversinglabs/reversinglabs-yara-rules/
• https://github.com/RussianPanda95/Yara-Rules
• https://github.com/sbousseaden/YaraHunts/
• https://github.com/SIFalcon/Detection
• https://github.com/stairwell-inc/threat-research
• https://github.com/StrangerealIntel/DailyIOC
• https://github.com/telekom-security/malware_analysis/
• https://github.com/volexity/threat-intel
• https://github.com/Yara-Rules/rules
• https://github.com/YARAHQ/yara-forge/releases
• https://github.com/roadwy/DefenderYara/

Sigma

• https://github.com/anil-yelken/sigma-rules
• https://github.com/center-for-threat-informed-defense/cloud-analytics/tree/main/analytics
• https://github.com/delivr-to/detections/tree/main/sigma-rules
• https://github.com/joesecurity/sigma-rules
• https://github.com/magicsword-io/LOLDrivers/tree/main/detections/sigma
• https://github.com/mbabinski/Sigma-Rules
• https://github.com/mdecrevoisier/SIGMA-detection-rules
• https://github.com/mthcht/ThreatHunting-Keywords-sigma-rules
• https://github.com/P4T12ICK/Sigma-Rule-Repository
• https://github.com/SigmaHQ/sigma/tree/master/rules
• https://github.com/The-DFIR-Report/Sigma-Rules
• https://github.com/tsale/Sigma_rules

Falco

• https://github.com/CloudDefenseAI/falco_extended_rules
• https://github.com/falcosecurity/rules
• https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml

Zeek

• https://github.com/zeek/zeek/tree/master/scripts/policy

Snort / Suricata

• https://github.com/nsacyber/ELITEWOLF
• https://rules.emergingthreatspro.com/open/
• https://www.snort.org/downloads/#rule-downloads

Splunk

• https://github.com/mthcht/ThreatHunting-Keywords
• https://github.com/splunk/security_content
• https://research.splunk.com/detections/
• https://research.splunk.com/stories/
• https://github.com/anvilogic-forge/armory

Sublime / MQL

• https://github.com/delivr-to/detections/tree/main/sublime-rules
• https://github.com/sublime-security/sublime-rules/
• https://github.com/vector-sec/public-sublime-rules

KQL

• https://github.com/0xAnalyst/DefenderATPQueries
• https://github.com/Azure/Azure-Sentinel
• https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
• https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection
• https://github.com/reprise99/Sentinel-Queries
• https://www.kqlsearch.com/

Nuclei

• https://github.com/projectdiscovery/nuclei-templates/
• https://github.com/UnaPibaGeek/honeypots-detection

Other

• https://docs.velociraptor.app/exchange/
• https://github.com/0x534a/dynmx-signatures (dynmx)
• https://github.com/ahmedkhlief/APT-Hunter
• https://github.com/Algbra-Labs-OSS/Chronicle
• https://github.com/aquasecurity/tracee/tree/main/signatures
• https://github.com/chronicle/detection-rules/
• https://github.com/elastic/detection-rules
• https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)
• https://github.com/elastic/protections-artifacts/tree/main/behavior/rules
• https://github.com/GoogleCloudPlatform/security-analytics
• https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt - exploit kit regexes
• https://github.com/mgreen27/DetectRaptor
• https://github.com/mthcht/awesome-lists
• https://github.com/panther-labs/panther-analysis/tree/master/rules
• https://github.com/phish-report/IOK/tree/main/indicators - phishing kit signatures
• https://github.com/quadrantsec/sagan-rules
• https://github.com/rabbitstack/fibratus/tree/master/rules
• https://github.com/referefref/honeydet/blob/main/signatures.yaml - honeypot detection signatures
• https://github.com/wazuh/wazuh/tree/master/ruleset
• https://github.com/Yamato-Security/hayabusa
• https://github.com/Yamato-Security/hayabusa-rules