This repository holds detection rules across 14 different categories. It is a detection engineering practice space: rules are written primarily in Sigma and optionally translated to Splunk and/or Sentinel. The categories are:
- DNS-Based
- Network & TLS
- Windows Authentication & Credentials
- Windows Process Execution & LOLBins
- Windows Persistence
- Lateral Movement
- Active Directory Attacks
- Linux Persistence & Privesc
- Email & Phishing
- Cloud & Modern Identity
- Malware & C2
- Defence Evasion
- Data Exfiltration
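To make the Sigma-to-Splunk workflow concrete, here is an added example (not code from this repository): a Python evaluator for a small Sigma subset (contains/endswith/startswith modifiers, OR-ed list values, "X and not Y" conditions) plus a Splunk SPL rendering, run over constructed process-creation events. The rule, its field names and the events are assumptions for illustration; real pipelines use sigma-cli/pySigma.

```python
# Hypothetical rule for the "Windows Process Execution & LOLBins" category (not from the repo).
RULE = {
    "title": "Certutil Download Via urlcache (hypothetical)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe", "CommandLine|contains": ["urlcache", "-split"]},
        "filter": {"ParentImage|endswith": "\\msiexec.exe"},  # assumed benign parent, excluded
        "condition": "selection and not filter",
    },
}
# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "certutil.exe -urlcache -f http://example.invalid/a.txt a.txt"},  # hit
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "certutil.exe -urlcache -f http://example.invalid/b.msi b.msi"},  # filtered out
    {"Image": r"C:\Windows\System32\certutil.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "certutil.exe -hashfile a.txt SHA256"},  # benign use, no hit
]
_as_list = lambda x: x if isinstance(x, list) else [x]

def _field_matches(event, key, expected):
    field, _, mod = key.partition("|")
    actual = str(event.get(field, "")).lower()  # Sigma string matching is case-insensitive
    for v in (str(x).lower() for x in _as_list(expected)):  # list values are OR-ed
        if {"contains": v in actual, "endswith": actual.endswith(v),
            "startswith": actual.startswith(v), "": actual == v}[mod]:
            return True
    return False

def evaluate(rule, event):
    det = rule["detection"]  # fields inside one selection are AND-ed; selections are combined by the condition
    hit = {name: all(_field_matches(event, k, v) for k, v in sel.items())
           for name, sel in det.items() if name != "condition"}
    main, _, excluded = det["condition"].partition(" and not ")  # supports "X" or "X and not Y"
    return hit[main.strip()] and not (excluded and hit[excluded.strip()])

def matches(rule, events):
    return [i for i, e in enumerate(events) if evaluate(rule, e)]

def to_splunk(rule):
    det = rule["detection"]
    wildcard = {"contains": "*{}*", "endswith": "*{}", "startswith": "{}*", "": "{}"}
    def render(sel):
        clauses = []
        for key, expected in sel.items():
            field, _, mod = key.partition("|")
            terms = ['%s="%s"' % (field, wildcard[mod].format(str(v).replace("\\", "\\\\")))
                     for v in _as_list(expected)]  # SPL quoted strings need backslashes doubled
            clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
        return " ".join(clauses)
    main, _, excluded = det["condition"].partition(" and not ")
    return render(det[main.strip()]) + (" NOT (%s)" % render(det[excluded.strip()]) if excluded else "")
```

Running `matches(RULE, EVENTS)` returns only the first event: the second is suppressed by the filter selection and the third never satisfies the selection.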