awesome-detection-rules

This is a collection of threat detection rules / rules engines that I have come across.

Yara

• https://github.com/Yara-Rules/rules
• https://github.com/elastic/protections-artifacts/tree/main/yara/rules
• https://github.com/Neo23x0/signature-base
• https://github.com/pmelson/yara_rules

Sigma

• https://github.com/SigmaHQ/sigma/tree/master/rules
• https://github.com/joesecurity/sigma-rules
• https://github.com/mdecrevoisier/SIGMA-detection-rules
• https://github.com/P4T12ICK/Sigma-Rule-Repository
• https://github.com/The-DFIR-Report/Sigma-Rules
• https://github.com/tsale/Sigma_rules
• https://github.com/anil-yelken/sigma-rules
• https://github.com/mbabinski/Sigma-Rules/tree/main/2022_RedCanary_ThreatDetectionReport

Falco

• https://github.com/falcosecurity/rules
• https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml

Zeek

• https://github.com/zeek/zeek/tree/master/scripts/policy

Snort / Suricata

• https://rules.emergingthreatspro.com/open/
• https://www.snort.org/downloads/#rule-downloads

Splunk

• https://research.splunk.com/detections/
• https://research.splunk.com/stories/
• https://github.com/splunk/security_content

Other

• https://github.com/rabbitstack/fibratus/tree/master/rules
• https://github.com/panther-labs/panther-analysis/tree/master/rules
• https://github.com/elastic/detection-rules
• https://github.com/elastic/protections-artifacts/tree/main/behavior/rules
• https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)
• https://github.com/projectdiscovery/nuclei-templates/
• https://github.com/Algbra-Labs-OSS/Chronicle
• https://github.com/quadrantsec/sagan-rules
• https://github.com/Yamato-Security/hayabusa
• https://github.com/sublime-security/sublime-rules
• https://github.com/aquasecurity/tracee/tree/main/signatures
• https://github.com/mgreen27/DetectRaptor
• https://docs.velociraptor.app/exchange/
• https://github.com/wazuh/wazuh/tree/master/ruleset
• https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt - exploit kit regexes
• https://github.com/phish-report/IOK/tree/main/indicators - phishing kit signatures