This is a collection of threat detection rules / rules engines that I have come across.
- https://github.com/advanced-threat-research/Yara-Rules/
- https://github.com/airbnb/binaryalert/tree/master/rules/public
- https://github.com/avast/ioc
- https://github.com/chronicle/GCTI
- https://github.com/deadbits/yara-rules/
- https://github.com/delivr-to/detections/tree/main/yara-rules
- https://github.com/dr4k0nia/yara-rules
- https://github.com/elastic/protections-artifacts/tree/main/yara/rules
- https://github.com/elceef/yara-rulz
- https://github.com/embee-research/Yara-detection-rules/
- https://github.com/eset/malware-ioc
- https://github.com/fboldewin/YARA-rules/
- https://github.com/JPCERTCC/MalConfScan/tree/master/yara
- https://github.com/kevoreilly/CAPEv2/tree/master/data/yara
- https://github.com/malpedia/signator-rules/
- https://github.com/mandiant/red_team_tool_countermeasures/
- https://github.com/mikesxrs/Open-Source-YARA-rules
- https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- https://github.com/Neo23x0/god-mode-rules/
- https://github.com/Neo23x0/signature-base
- https://github.com/pmelson/yara_rules
- https://github.com/reversinglabs/reversinglabs-yara-rules/
- https://github.com/RussianPanda95/Yara-Rules
- https://github.com/sbousseaden/YaraHunts/
- https://github.com/SIFalcon/Detection
- https://github.com/stairwell-inc/threat-research
- https://github.com/StrangerealIntel/DailyIOC
- https://github.com/telekom-security/malware_analysis/
- https://github.com/volexity/threat-intel
- https://github.com/Yara-Rules/rules
- https://github.com/YARAHQ/yara-forge/releases
- https://github.com/roadwy/DefenderYara/
- https://github.com/anil-yelken/sigma-rules
- https://github.com/center-for-threat-informed-defense/cloud-analytics/tree/main/analytics
- https://github.com/delivr-to/detections/tree/main/sigma-rules
- https://github.com/joesecurity/sigma-rules
- https://github.com/magicsword-io/LOLDrivers/tree/main/detections/sigma
- https://github.com/mbabinski/Sigma-Rules
- https://github.com/mdecrevoisier/SIGMA-detection-rules
- https://github.com/mthcht/ThreatHunting-Keywords-sigma-rules
- https://github.com/P4T12ICK/Sigma-Rule-Repository
- https://github.com/SigmaHQ/sigma/tree/master/rules
- https://github.com/The-DFIR-Report/Sigma-Rules
- https://github.com/tsale/Sigma_rules
- https://github.com/CloudDefenseAI/falco_extended_rules
- https://github.com/falcosecurity/rules
- https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/falco/falco_rules.local.yaml
- https://github.com/nsacyber/ELITEWOLF
- https://rules.emergingthreatspro.com/open/
- https://www.snort.org/downloads/#rule-downloads
- https://github.com/mthcht/ThreatHunting-Keywords
- https://github.com/splunk/security_content
- https://research.splunk.com/detections/
- https://research.splunk.com/stories/
- https://github.com/anvilogic-forge/armory
- https://github.com/delivr-to/detections/tree/main/sublime-rules
- https://github.com/sublime-security/sublime-rules/
- https://github.com/vector-sec/public-sublime-rules
- https://github.com/0xAnalyst/DefenderATPQueries
- https://github.com/Azure/Azure-Sentinel
- https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
- https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection
- https://github.com/reprise99/Sentinel-Queries
- https://www.kqlsearch.com/
- https://github.com/projectdiscovery/nuclei-templates/
- https://github.com/UnaPibaGeek/honeypots-detection
- https://docs.velociraptor.app/exchange/
- https://github.com/0x534a/dynmx-signatures (dynmx)
- https://github.com/ahmedkhlief/APT-Hunter
- https://github.com/Algbra-Labs-OSS/Chronicle
- https://github.com/aquasecurity/tracee/tree/main/signatures
- https://github.com/chronicle/detection-rules/
- https://github.com/elastic/detection-rules
- https://github.com/elastic/protections-artifacts/blob/main/ransomware/artifact.lua (ransomware)
- https://github.com/elastic/protections-artifacts/tree/main/behavior/rules
- https://github.com/GoogleCloudPlatform/security-analytics
- https://github.com/malwareinfosec/EKFiddle/blob/master/Regexes/MasterRegexes.txt - exploit kit regexes
- https://github.com/mgreen27/DetectRaptor
- https://github.com/mthcht/awesome-lists
- https://github.com/panther-labs/panther-analysis/tree/master/rules
- https://github.com/phish-report/IOK/tree/main/indicators - phishing kit signatures
- https://github.com/quadrantsec/sagan-rules
- https://github.com/rabbitstack/fibratus/tree/master/rules
- https://github.com/referefref/honeydet/blob/main/signatures.yaml - honeypot detection signatures
- https://github.com/wazuh/wazuh/tree/master/ruleset
- https://github.com/Yamato-Security/hayabusa
- https://github.com/Yamato-Security/hayabusa-rules