Detection-rules Alternatives
Similar projects and alternatives to detection-rules
KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
detection-rules discussion
detection-rules reviews and mentions
Initial details about why CrowdStrike's CSAgent.sys crashed
[2] https://github.com/elastic/detection-rules
- KrbRelayUp detection [Sigma] - Service Creation via Local Kerberos Authentication
Hunt and Detect KrbRelayUp
Elastic rule: https://github.com/elastic/detection-rules/blob/main/rules/windows/credential_access_kerberoasting_unusual_process.toml
Windows Security Logs
With regards to alerts, Elastic Security includes a ton of Windows focused detection rules, along with the ability to create custom rules for Windows Events (or any other source).
SIEM Test Cases
SIGMA, SOCPrime Sigma, Sigma Translator, Elastic Rules, Splunk Rules, ThreatHunter Playbook, iRedTeam, Lolbas, Atomic Red Team
- Identifies a suspicious renamed COMSVCS.DLL image load; this DLL exports the MiniDump function, which can be used to dump a process's memory. This may indicate an attempt to dump LSASS memory while bypassing command-line-based detection in preparation for credential access.
I have an interview coming up this week for a IR/CSIRT role. Any tips on what to go over?
Go look at the new [Elastic Detection rules](https://github.com/elastic/detection-rules), find ways to talk about them. My favorite recent one is https://github.com/elastic/detection-rules/issues/1535
- Tool for recognizing attacks from web server logs
Stats
elastic/detection-rules is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
The primary programming language of detection-rules is Python.