This is a collection of threat detection rules / rules engines that I have come across.
- https://github.com/Yara-Rules/rules
- https://github.com/elastic/protections-artifacts/tree/main/yara/rules
- https://github.com/Neo23x0/signature-base
- https://github.com/pmelson/yara_rules
- https://github.com/SigmaHQ/sigma/tree/master/rules
- https://github.com/joesecurity/sigma-rules
- https://github.com/mdecrevoisier/SIGMA-detection-rules
- https://github.com/P4T12ICK/Sigma-Rule-Repository
- https://github.com/The-DFIR-Report/Sigma-Rules
- https://github.com/tsale/Sigma_rules
- https://github.com/anil-yelken/sigma-rules
- https://github.com/mbabinski/Sigma-Rules/tree/main/2022_RedCanary_ThreatDetectionReport
- https://github.com/falcosecurity/rules
- https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml
- https://research.splunk.com/detections/
- https://research.splunk.com/stories/
- https://github.com/splunk/security_content
- https://github.com/rabbitstack/fibratus/tree/master/rules
- https://github.com/panther-labs/panther-analysis/tree/master/rules
- https://github.com/elastic/detection-rules
- https://github.com/elastic/protections-artifacts/tree/main/behavior/rules
- https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)
- https://github.com/projectdiscovery/nuclei-templates/
- https://github.com/Algbra-Labs-OSS/Chronicle
- https://github.com/quadrantsec/sagan-rules
- https://github.com/Yamato-Security/hayabusa
- https://github.com/sublime-security/sublime-rules
- https://github.com/aquasecurity/tracee/tree/main/signatures
- https://github.com/mgreen27/DetectRaptor
- https://docs.velociraptor.app/exchange/
- https://github.com/wazuh/wazuh/tree/master/ruleset
- https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt (exploit kit regexes)
- https://github.com/phish-report/IOK/tree/main/indicators (phishing kit signatures)