A collection of various SIEM rules relating to malware family groups.

reversinglabs/reversinglabs-siem-rules
reversinglabs-siem-rules

This repository contains SIEM rules to aid in detecting the tactics, techniques, and procedures (TTPs) used by various threat actors.

Want to stay in the loop? Subscribe to be notified for new Microsoft Sentinel content from ReversingLabs: https://www.reversinglabs.com/threat-intel-weekly-newsletter-sign-up

Categories

Contents

Each threat actor or malware family group has the following subdirectories, containing detection rules and other useful resources:

Sigma

This folder contains Sigma rules that can be used to detect threat actor TTPs.

KQL

This folder contains KQL queries that can be used to identify threat actor TTPs in Microsoft Sentinel and Microsoft Defender for Endpoint. Use these queries to hunt for threats, or create analytic rules to generate alerts and incidents.

YARA

This optional folder contains related YARA rules that can be used to identify malware.

License

This project is licensed under the MIT License - see the LICENSE file for details.
