Detection Engineering with Splunk

Sigma Rules

Main Sigma Rule Repository

Elastic Detection Rules

Detection Rules is the official repository for the rules used by Elastic Security's Detection Engine. It provides a comprehensive toolkit for security teams to develop, validate, test, and release detection logic in a structured, code-driven manner. This approach enables version control, automated testing, and streamlined integration with the Elastic SIEM. ## Key Features - **Rule Development & Management** — Python module for parsing, validating, and packaging detection rules from TOML files. - **Detections as Code (DaC)** — Full pipeline and CLI tools to manage rules with version control and automated workflows. - **Unit Testing Framework** — Integrated Python testing suite to validate rule logic and ensure reliability. - **Kibana Integration** — Library for API calls to Kibana and the Detection Engine for seamless rule deployment. - **KQL Validation** — Library for parsing and validating Kibana Query Language used in rule conditions. - **Threat Hunting Packages** — Dedicated directory for storing and managing threat hunting queries and packages. ## Philosophy The project embraces a Detections-as-Code philosophy, treating security rules as software artifacts to improve maintainability, collaboration, and automation in threat detection.

KQL Advanced Hunting Queries & Analytics Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Splunk Security Content

Splunk Security Content