A library of portable detection tests mapped to the MITRE ATT&CK framework for security testing.
A generic and open signature format for describing log event detections, shareable across SIEM systems.
A curated list of awesome honeypot resources, tools, and related components for cybersecurity research and defense.
A pattern-matching tool for malware researchers to identify and classify malware samples using custom rules.
A cloud native runtime security tool for Linux that detects abnormal behavior and security threats in real time.
A malicious traffic detection system that monitors network traffic for blacklisted threats and suspicious activities using public feeds and heuristics.
A high-quality, commented Sysmon configuration template for Windows system monitoring and incident investigation.
Open source CNAPP that hunts for threats in cloud native platforms, ranks them by risk, and visualizes attack paths.
A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.
A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.
A security tool that visualizes and analyzes Windows Active Directory event logs to investigate malicious logon activity.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A modular, low-resource network honeypot that mimics services to detect breaches and alert on attacker interactions.
A Windows Batch script toolset that simulates Advanced Persistent Threat (APT) attack indicators to test security monitoring and detection capabilities.
A public repository for developing, testing, and maintaining detection rules for Elastic Security's SIEM, with tools for Detections as Code.
A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.
A Windows security tool for real-time adversary tradecraft detection, memory scanning, and forensics via behavior-driven rules.
A secure low-code honeypot framework that uses AI to create high-interaction decoy systems for cyber attack detection and analysis.
A suite of network fingerprinting standards for TLS, TCP, HTTP, SSH, and other protocols to facilitate threat detection and security analysis.
A Python tool that generates YARA rules for malware detection by filtering out strings and opcodes that appear in goodware.
An open source, serverless security data lake for AWS that normalizes logs, enables detection-as-code, and supports petabyte-scale threat hunting.
An open-source repository of security detections, analytic stories, and response playbooks mapped to MITRE ATT&CK for Splunk Enterprise Security.
A Linux distribution built around Suricata that provides a complete network detection and response (NDR) platform.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.