A curated list of threat detection rule repositories and sharing communities.

This documentation is an effort to collect open source material that is useful for building basic threat detections. To have sophisticated detections, it often takes full time detection engineers, understanding of custom environments, etc. but everyone starts somewhere.

TODO: Add specifics on various detection rules & their functions for context (open source + vendor specific).

• Baseline OSQuery Configuration by Palantir
• OSQuery Defense Kit
• Panther's OOTB Detection Ruleset
• Sigma Rules
• Splunk Security Essentials Repository
• Awesome YARA Repo with Rules

There are many incredible articles that touch on threat detection engineering and creating robust rules. Here are some that we've collected.

• Lessons Learned in Detection Engineering
• Detection Spectrum & the Funnel of Fidelity
• Shifting from Detection 1.0 to 2.0
• Threat Hunting with Kubernetes Audit Logs
• An Alternative Way of Using MITRE ATT&CK for Threat Hunting and Detection
• A SOCless Detection Team at Netflix

• Twitter, Threat Detection & Detection Engineering Private Community
• Twitter, Awesome Detection Public Community

• Compiled List of Threat Detection & Hunting Resources
• Detection Engineering Pocketguide by Josh Liburdi